www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Effective URL:
https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Submission: On August 12 via manual (August 12th 2023, 2:50:29 am UTC) from CA — Scanned from CA

Summary HTTP 328 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 82 IPs in 7 countries across 93 domains to perform 328 HTTP transactions. The main IP is 104.16.53.48, located in and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 34569.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 30th 2022. Valid for: a year.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	104.16.53.48 104.16.53.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.144.62 172.67.144.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.80.72 142.250.80.72	15169 (GOOGLE) (GOOGLE)
1	104.26.6.139 104.26.6.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.93.25 104.21.93.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	142.251.40.142 142.251.40.142	15169 (GOOGLE) (GOOGLE)
1	104.16.57.101 104.16.57.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.164.115.7 18.164.115.7	16509 (AMAZON-02) (AMAZON-02)
2	104.19.214.37 104.19.214.37	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
3	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
2	104.26.2.70 104.26.2.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.72.102 142.250.72.102	15169 (GOOGLE) (GOOGLE)
5	50.16.223.119 50.16.223.119	14618 (AMAZON-AES) (AMAZON-AES)
10	172.64.136.15 172.64.136.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.35.197.209 52.35.197.209	16509 (AMAZON-02) (AMAZON-02)
2	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
13	142.250.64.98 142.250.64.98	15169 (GOOGLE) (GOOGLE)
3	142.251.40.131 142.251.40.131	15169 (GOOGLE) (GOOGLE)
3	142.251.32.106 142.251.32.106	15169 (GOOGLE) (GOOGLE)
2	142.250.65.238 142.250.65.238	15169 (GOOGLE) (GOOGLE)
2	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
2	142.251.41.3 142.251.41.3	15169 (GOOGLE) (GOOGLE)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	18.207.17.231 18.207.17.231	14618 (AMAZON-AES) (AMAZON-AES)
1	104.36.115.111 104.36.115.111	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	108.138.128.46 108.138.128.46	16509 (AMAZON-02) (AMAZON-02)
1	54.156.134.244 54.156.134.244	14618 (AMAZON-AES) (AMAZON-AES)
1 13	54.85.119.254 54.85.119.254	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.81.228 142.250.81.228	15169 (GOOGLE) (GOOGLE)
1	142.250.80.99 142.250.80.99	15169 (GOOGLE) (GOOGLE)
4	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
1	104.22.53.86 104.22.53.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	74.119.119.131 74.119.119.131	19750 (AS-CRITEO) (AS-CRITEO)
1	18.164.114.27 18.164.114.27	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	142.251.40.161 142.251.40.161	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
9	142.251.40.193 142.251.40.193	15169 (GOOGLE) (GOOGLE)
10	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
8	23.198.216.24 23.198.216.24	16625 (AKAMAI-AS) (AKAMAI-AS)
14 35	34.230.170.218 34.230.170.218	14618 (AMAZON-AES) (AMAZON-AES)
3	34.196.116.51 34.196.116.51	14618 (AMAZON-AES) (AMAZON-AES)
6 6	3.227.250.65 3.227.250.65	() ()
3	54.236.93.201 54.236.93.201	() ()
3 7	18.233.70.253 18.233.70.253	14618 (AMAZON-AES) (AMAZON-AES)
3	18.164.116.28 18.164.116.28	16509 (AMAZON-02) (AMAZON-02)
5	23.77.173.8 23.77.173.8	16625 (AKAMAI-AS) (AKAMAI-AS)
3	162.248.18.36 162.248.18.36	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	104.126.116.169 104.126.116.169	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	104.36.115.113 104.36.115.113	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
5	23.47.144.150 23.47.144.150	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
3 3	199.38.167.130 199.38.167.130	54312 (ROCKETFUEL) (ROCKETFUEL)
11	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 3	52.46.155.104 52.46.155.104	16509 (AMAZON-02) (AMAZON-02)
6 8	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
2 2	34.133.71.175 34.133.71.175	() ()
6 6	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 28	162.248.18.37 162.248.18.37	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	50.116.194.21 50.116.194.21	() ()
1	44.210.181.70 44.210.181.70	14618 (AMAZON-AES) (AMAZON-AES)
3 3	3.225.218.10 3.225.218.10	() ()
6	162.248.18.34 162.248.18.34	62713 (AS-PUBMATIC) (AS-PUBMATIC)
14	23.52.163.93 23.52.163.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	69.166.1.34 69.166.1.34	27630 (AS-XFERNET) (AS-XFERNET)
6 6	54.174.91.172 54.174.91.172	14618 (AMAZON-AES) (AMAZON-AES)
9 9	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
4 4	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
4 4	64.202.112.127 64.202.112.127	23352 (SERVERCEN...) (SERVERCENTRAL)
2 3	104.107.25.203 104.107.25.203	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
9	142.251.40.194 142.251.40.194	15169 (GOOGLE) (GOOGLE)
3	3.233.86.45 3.233.86.45	14618 (AMAZON-AES) (AMAZON-AES)
3 3	185.167.164.37 185.167.164.37	198622 (ADFORM) (ADFORM)
1 1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
12 12	52.44.140.40 52.44.140.40	14618 (AMAZON-AES) (AMAZON-AES)
4 4	193.122.130.38 193.122.130.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2 2	192.40.39.223 192.40.39.223	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	198.148.27.131 198.148.27.131	19189 (PULSEPOINT) (PULSEPOINT)
2 2	23.105.12.172 23.105.12.172	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
8 8	68.67.179.166 68.67.179.166	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	173.231.178.85 173.231.178.85	() ()
2	8.18.47.7 8.18.47.7	398989 (DEEPINTENT) (DEEPINTENT)
2 2	192.184.68.254 192.184.68.254	14618 (AMAZON-AES) (AMAZON-AES)
4 4	8.18.45.76 8.18.45.76	() ()
2 2	34.238.29.96 34.238.29.96	() ()
1 1	51.255.68.171 51.255.68.171	16276 (OVH) (OVH)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
2 2	54.197.248.161 54.197.248.161	14618 (AMAZON-AES) (AMAZON-AES)
1 2	104.18.24.173 104.18.24.173	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.225.185.242 54.225.185.242	() ()
1 1	34.102.163.6 34.102.163.6	() ()
1 1	35.214.211.255 35.214.211.255	() ()
1 1	69.90.254.78 69.90.254.78	() ()
4 5	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	40.76.134.238 40.76.134.238	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
1 2	38.68.201.140 38.68.201.140	() ()
2	207.198.113.89 207.198.113.89	() ()
1 1	82.145.213.8 82.145.213.8	() ()
4 4	199.127.204.171 199.127.204.171	() ()
1 1	172.105.221.29 172.105.221.29	() ()
1	35.186.193.173 35.186.193.173	() ()
1 1	20.85.134.6 20.85.134.6	() ()
1	162.55.120.196 162.55.120.196	() ()
1	195.5.165.20 195.5.165.20	() ()
2 2	104.127.64.185 104.127.64.185	() ()
1	54.156.202.94 54.156.202.94	() ()
1	52.21.24.201 52.21.24.201	() ()
1 1	34.102.253.54 34.102.253.54	() ()
15	108.139.29.37 108.139.29.37	() ()
1	142.250.206.99 142.250.206.99	() ()
1 1	76.13.32.147 76.13.32.147	() ()
1 1	104.17.216.204 104.17.216.204	() ()
328	82

17 104.16.53.48 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.144.62 (United States)

ASN13335 (CLOUDFLARENET, US)

the.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
privacy.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.80.72 (Staten Island, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.139 (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.93.25 (None, )

ASN13335 (CLOUDFLARENET, US)

www.ezojs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.251.40.142 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f14.1e100.net

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.57.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.115.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-115-7.jfk50.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.214.37 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.2.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.72.102 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 50.16.223.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-223-119.compute-1.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.136.15 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.197.209 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-197-209.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.64.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.131 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.32.106 (Marriottsville, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f10.1e100.net

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.65.238 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f14.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.41.3 (Marriottsville, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f3.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.207.17.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-207-17-231.compute-1.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.111 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.128.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-46.jfk50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.134.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-134-244.compute-1.amazonaws.com

ad.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 54.85.119.254 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-119-254.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.81.228 (Staten Island, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.99 (Staten Island, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.53.86 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.131 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.114.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-114-27.jfk50.r.cloudfront.net

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.40.161 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f1.1e100.net

90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.40.193 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.251.32.98 (Marriottsville, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.198.216.24 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-198-216-24.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 34.230.170.218 (Ashburn, United States) 14 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-170-218.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.196.116.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-116-51.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.227.250.65 (None, ) 6 redirects

ASN- ()

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.236.93.201 (None, )

ASN- ()

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.233.70.253 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-70-253.compute-1.amazonaws.com

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.164.116.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-28.jfk50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.77.173.8 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-77-173-8.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.248.18.36 (United States)

ASN62713 (AS-PUBMATIC, US)

st.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.126.116.169 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-116-169.deploy.static.akamaitechnologies.com

mnadshield-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.36.115.113 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.47.144.150 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-47-144-150.deploy.static.akamaitechnologies.com

c.pm-serv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
l.pm-serv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.38.167.130 (United States) 3 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.155.104 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.251.40.162 (Newark, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.133.71.175 (None, ) 2 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.33.220.150 (Seattle, United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 162.248.18.37 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.116.194.21 (None, ) 2 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.210.181.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-210-181-70.compute-1.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.225.218.10 (None, ) 3 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.248.18.34 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 23.52.163.93 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-163-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.34 (United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.174.91.172 (Ashburn, United States) 6 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-91-172.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.211.178.172 (North Charleston, United States) 9 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.207.24.140 (North Charleston, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.202.112.127 (United States) 4 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.107.25.203 (Secaucus, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-25-203.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.90 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.40.194 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.233.86.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-86-45.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.167.164.37 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.119.119.150 (United States) 3 redirects

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.44.140.40 (Ashburn, United States) 12 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-140-40.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 193.122.130.38 (Ashburn, United States) 4 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.40.39.223 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.131 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.105.12.172 (Manassas, United States) 2 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.67.179.166 (North Bergen, United States) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.231.178.85 (None, ) 4 redirects

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.18.47.7 (Miami, United States)

ASN398989 (DEEPINTENT, US)

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.184.68.254 (United States) 2 redirects

ASN14618 (AMAZON-AES, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 8.18.45.76 (None, ) 4 redirects

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.238.29.96 (None, ) 2 redirects

ASN- ()

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.255.68.171 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3028611.ip-51-255-68.eu

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.197.248.161 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-248-161.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.24.173 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.225.185.242 (None, ) 1 redirects

ASN- ()

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.163.6 (None, ) 1 redirects

ASN- ()

ad.mrtnsvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.211.255 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.90.254.78 (None, ) 1 redirects

ASN- ()

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.111.113.62 (Kansas City, United States) 4 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.76.134.238 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

us01.z.antigena.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.139.29 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 38.68.201.140 (None, ) 1 redirects

ASN- ()

pmp.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.198.113.89 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (None, ) 1 redirects

ASN- ()

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.127.204.171 (None, ) 4 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.221.29 (None, ) 1 redirects

ASN- ()

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, )

ASN- ()

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.85.134.6 (None, ) 1 redirects

ASN- ()

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.120.196 (None, )

ASN- ()

matching.truffle.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (None, )

ASN- ()

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.127.64.185 (None, ) 2 redirects

ASN- ()

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.202.94 (None, )

ASN- ()

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.21.24.201 (None, )

ASN- ()

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (None, ) 1 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 108.139.29.37 (None, )

ASN- ()

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.206.99 (None, )

ASN- ()

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.147 (None, ) 1 redirects

ASN- ()

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.216.204 (None, ) 1 redirects

ASN- ()

dmp.truoptik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	pubmatic.com 3 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 592 ads.pubmatic.com — Cisco Umbrella Rank: 553 st.pubmatic.com — Cisco Umbrella Rank: 1217 image6.pubmatic.com — Cisco Umbrella Rank: 809 image2.pubmatic.com — Cisco Umbrella Rank: 938 simage2.pubmatic.com — Cisco Umbrella Rank: 786 image4.pubmatic.com simage4.pubmatic.com — Cisco Umbrella Rank: 1265	92 KB
35	adentifi.com 14 redirects rtb.adentifi.com — Cisco Umbrella Rank: 1356	7 KB
24	doubleclick.net 6 redirects ad.doubleclick.net — Cisco Umbrella Rank: 194 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 206 stats.g.doubleclick.net — Cisco Umbrella Rank: 114 cm.g.doubleclick.net — Cisco Umbrella Rank: 239	215 KB
23	googlesyndication.com 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 151 pagead2.googlesyndication.com — Cisco Umbrella Rank: 130	110 KB
23	media.net prebid.media.net — Cisco Umbrella Rank: 1373 hbx.media.net — Cisco Umbrella Rank: 1274 warp.media.net — Cisco Umbrella Rank: 2699 hblg.media.net — Cisco Umbrella Rank: 2148 contextual.media.net — Cisco Umbrella Rank: 649 cs.media.net — Cisco Umbrella Rank: 1558 lg3.media.net — Cisco Umbrella Rank: 6384 c21lg-d.media.net — Cisco Umbrella Rank: 2495	65 KB
19	google.com translate.google.com — Cisco Umbrella Rank: 1322 analytics.google.com — Cisco Umbrella Rank: 180 www.google.com — Cisco Umbrella Rank: 3 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1649	94 KB
17	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 34569 static.mediafire.com — Cisco Umbrella Rank: 62767	253 KB
16	crwdcntrl.net 1 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 1034 ad.crwdcntrl.net — Cisco Umbrella Rank: 6925 bcp.crwdcntrl.net — Cisco Umbrella Rank: 886 sync.crwdcntrl.net — Cisco Umbrella Rank: 851	32 KB
15	trustarc.com choices.trustarc.com	53 KB
12	bidr.io 12 redirects match.prod.bidr.io — Cisco Umbrella Rank: 615	7 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	305 KB
10	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 9569	16 KB
9	bidswitch.net 9 redirects x.bidswitch.net — Cisco Umbrella Rank: 354	5 KB
9	liadm.com 6 redirects i.liadm.com i6.liadm.com	4 KB
8	adnxs.com 8 redirects ib.adnxs.com — Cisco Umbrella Rank: 221 secure.adnxs.com — Cisco Umbrella Rank: 464	6 KB
8	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1307 match.sharethrough.com — Cisco Umbrella Rank: 566	3 KB
7	thrtle.com 3 redirects thrtle.com — Cisco Umbrella Rank: 1364	2 KB
6	w55c.net 6 redirects pm.w55c.net — Cisco Umbrella Rank: 977	4 KB
6	adsrvr.org 6 redirects match.adsrvr.org — Cisco Umbrella Rank: 363	3 KB
6	criteo.com 3 redirects gum.criteo.com — Cisco Umbrella Rank: 425 dis.criteo.com — Cisco Umbrella Rank: 608	8 KB
5	tapad.com 4 redirects pixel.tapad.com — Cisco Umbrella Rank: 499	1 KB
5	yahoo.com 4 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 465 ups.analytics.yahoo.com cms.analytics.yahoo.com	2 KB
5	pm-serv.co c.pm-serv.co — Cisco Umbrella Rank: 16555 l.pm-serv.co — Cisco Umbrella Rank: 17154	88 KB
5	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1497 google-bidout-d.openx.net — Cisco Umbrella Rank: 1496 us-u.openx.net — Cisco Umbrella Rank: 482	1 KB
5	creativecdn.com 4 redirects invstatic101.creativecdn.com — Cisco Umbrella Rank: 1539 creativecdn.com — Cisco Umbrella Rank: 509	3 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com csi.gstatic.com	12 KB
5	ezoic.net g.ezoic.net — Cisco Umbrella Rank: 14258	5 KB
4	dotomi.com 4 redirects pubmatic-match.dotomi.com	1 KB
4	adgrx.com 4 redirects cm.adgrx.com	2 KB
4	technoratimedia.com 4 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 1398	4 KB
4	zemanta.com 4 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 557	3 KB
4	mfadsrvr.com 4 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1194	2 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 356	29 KB
4	btloader.com btloader.com — Cisco Umbrella Rank: 1116 api.btloader.com — Cisco Umbrella Rank: 1172	7 KB
3	1rx.io 3 redirects sync.1rx.io	2 KB
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 604	2 KB
3	bluekai.com 2 redirects stags.bluekai.com — Cisco Umbrella Rank: 603 tags.bluekai.com	3 KB
3	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 317	2 KB
3	rfihub.com 3 redirects p.rfihub.com — Cisco Umbrella Rank: 891	2 KB
3	truste.com choices.truste.com — Cisco Umbrella Rank: 865	30 KB
3	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 638	1012 B
3	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 1228	76 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	216 KB
2	owneriq.net 2 redirects px.owneriq.net	1 KB
2	sitescout.com pixel-sync.sitescout.com	374 B
2	mxptint.net 1 redirects pmp.mxptint.net	967 B
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 406	736 B
2	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com	831 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 841 s.tribalfusion.com — Cisco Umbrella Rank: 1914	1 KB
2	stackadapt.com 2 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 791	2 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 5819	749 B
2	ipredictive.com 2 redirects sync.ipredictive.com	1 KB
2	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 857	1 KB
2	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 1148	349 B
2	smartadserver.com 2 redirects rtb-csync.smartadserver.com — Cisco Umbrella Rank: 693	2 KB
2	contextweb.com 2 redirects bh.contextweb.com — Cisco Umbrella Rank: 558	2 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 478	2 KB
2	turn.com 2 redirects ad.turn.com	952 B
2	simpli.fi 2 redirects um.simpli.fi	1 KB
2	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 777	788 B
2	google.ca www.google.ca — Cisco Umbrella Rank: 9674	515 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 725	135 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1192	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 54	21 KB
2	otnolatrnup.com cdn.otnolatrnup.com — Cisco Umbrella Rank: 66170 otnolatrnup.com — Cisco Umbrella Rank: 60805	56 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3682 api.amplitude.com — Cisco Umbrella Rank: 1689	22 KB
2	gatekeeperconsent.com the.gatekeeperconsent.com — Cisco Umbrella Rank: 31532 privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 36632	9 KB
1	truoptik.com 1 redirects dmp.truoptik.com	549 B
1	playground.xyz 1 redirects ads.playground.xyz	466 B
1	bfmio.com sync.bfmio.com	425 B
1	kargo.com crb.kargo.com	504 B
1	iprom.net core.iprom.net	279 B
1	truffle.bid matching.truffle.bid
1	inmobi.com 1 redirects mweb.ck.inmobi.com	348 B
1	ctnsnet.com ipac.ctnsnet.com	369 B
1	appier.net 1 redirects gocm.c.appier.net	436 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	650 B
1	opera.com 1 redirects t.adx.opera.com	554 B
1	antigena.com us01.z.antigena.com — Cisco Umbrella Rank: 3334
1	acuityplatform.com 1 redirects ums.acuityplatform.com	674 B
1	loopme.me 1 redirects csync.loopme.me	226 B
1	mrtnsvr.com 1 redirects ad.mrtnsvr.com	308 B
1	nrich.ai 1 redirects dsp.nrich.ai — Cisco Umbrella Rank: 3579	566 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 361	827 B
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1134	715 B
1	akamaihd.net mnadshield-a.akamaihd.net — Cisco Umbrella Rank: 15303	789 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1676	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 617	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1617	8 KB
1	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 887 id5-sync.com Failed	26 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	15 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1175	7 KB
1	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 31680	44 KB
328	93

	Domain	Requested by
35	rtb.adentifi.com	14 redirects cdn.jsdelivr.net
28	simage2.pubmatic.com	2 redirects 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com ads.pubmatic.com www.mediafire.com
15	choices.trustarc.com	choices.truste.com www.mediafire.com choices.trustarc.com
14	contextual.media.net	mnadshield-a.akamaihd.net contextual.media.net www.mediafire.com
14	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net www.mediafire.com
13	securepubads.g.doubleclick.net	www.mediafire.com securepubads.g.doubleclick.net 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com www.googletagservices.com
12	match.prod.bidr.io	12 redirects
11	image2.pubmatic.com	ads.pubmatic.com 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
10	www.googletagservices.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com cdn.jsdelivr.net www.googletagservices.com
10	go.ezodn.com	www.mediafire.com
9	pagead2.googlesyndication.com	www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
9	x.bidswitch.net	9 redirects
9	sync.crwdcntrl.net	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com bcp.crwdcntrl.net
9	tpc.googlesyndication.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
9	static.mediafire.com	www.mediafire.com
8	cm.g.doubleclick.net	6 redirects bcp.crwdcntrl.net
8	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
7	thrtle.com	3 redirects 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com www.mediafire.com
6	pm.w55c.net	6 redirects
6	match.adsrvr.org	6 redirects
6	image6.pubmatic.com	1 redirects ads.pubmatic.com
6	i.liadm.com	6 redirects
5	pixel.tapad.com	4 redirects www.mediafire.com
5	simage4.pubmatic.com	ads.pubmatic.com
5	ads.pubmatic.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com www.mediafire.com
5	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	btlr.sharethrough.com	www.mediafire.com
5	g.ezoic.net	www.ezojs.com go.ezodn.com
4	secure.adnxs.com	4 redirects
4	pubmatic-match.dotomi.com	4 redirects
4	cm.adgrx.com	4 redirects
4	ib.adnxs.com	4 redirects
4	sync.technoratimedia.com	4 redirects
4	creativecdn.com	4 redirects
4	b1sync.zemanta.com	4 redirects
4	rtb.mfadsrvr.com	4 redirects
4	cdn.jsdelivr.net	securepubads.g.doubleclick.net 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
4	bcp.crwdcntrl.net	1 redirects www.mediafire.com tags.crwdcntrl.net
3	sync.1rx.io	3 redirects
3	dis.criteo.com	3 redirects
3	c1.adform.net	3 redirects
3	match.sharethrough.com	www.mediafire.com
3	ups.analytics.yahoo.com	3 redirects
3	s.amazon-adsystem.com	1 redirects ads.pubmatic.com www.mediafire.com
3	p.rfihub.com	3 redirects
3	c.pm-serv.co	mnadshield-a.akamaihd.net c.pm-serv.co
3	gum.criteo.com	static.criteo.net gum.criteo.com contextual.media.net
3	st.pubmatic.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
3	choices.truste.com	cdn.jsdelivr.net
3	i6.liadm.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
3	beacon.krxd.net	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
3	translate.googleapis.com
3	www.gstatic.com	www.mediafire.com www.gstatic.com
3	api.btloader.com	btloader.com
3	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
2	px.owneriq.net	2 redirects
2	pixel-sync.sitescout.com	www.mediafire.com bcp.crwdcntrl.net
2	pmp.mxptint.net	1 redirects www.mediafire.com
2	eb2.3lift.com	1 redirects www.mediafire.com
2	beacon.lynx.cognitivlabs.com	1 redirects ads.pubmatic.com
2	sync.srv.stackadapt.com	2 redirects
2	pool.admedo.com	2 redirects
2	sync.ipredictive.com	2 redirects
2	cms.quantserve.com	2 redirects
2	match.deepintent.com	ads.pubmatic.com
2	rtb-csync.smartadserver.com	2 redirects
2	bh.contextweb.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	us-u.openx.net	contextual.media.net www.mediafire.com
2	stags.bluekai.com	2 redirects
2	cs.media.net	contextual.media.net
2	l.pm-serv.co	mnadshield-a.akamaihd.net
2	ad.turn.com	2 redirects
2	um.simpli.fi	2 redirects
2	sync-tm.everesttech.net	1 redirects ads.pubmatic.com
2	hblg.media.net	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
2	oajs.openx.net	1 redirects www.mediafire.com
2	www.google.com	www.mediafire.com tpc.googlesyndication.com
2	tags.crwdcntrl.net	cdn.otnolatrnup.com securepubads.g.doubleclick.net
2	www.google.ca	www.mediafire.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	analytics.google.com	www.googletagmanager.com
2	static.xx.fbcdn.net	www.facebook.com
2	ad-delivery.net	www.mediafire.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	dmp.truoptik.com	1 redirects
1	tags.bluekai.com	bcp.crwdcntrl.net
1	cms.analytics.yahoo.com	1 redirects
1	csi.gstatic.com	pagead2.googlesyndication.com
1	ads.playground.xyz	1 redirects
1	sync.bfmio.com	www.mediafire.com
1	crb.kargo.com	www.mediafire.com
1	core.iprom.net	ads.pubmatic.com
1	matching.truffle.bid	ads.pubmatic.com
1	mweb.ck.inmobi.com	1 redirects
1	ipac.ctnsnet.com	ads.pubmatic.com
1	gocm.c.appier.net	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	t.adx.opera.com	1 redirects
1	us01.z.antigena.com	www.mediafire.com
1	ums.acuityplatform.com	1 redirects
1	csync.loopme.me	1 redirects
1	ad.mrtnsvr.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	dsp.nrich.ai	1 redirects
1	c21lg-d.media.net	contextual.media.net
1	pixel.rubiconproject.com	1 redirects
1	lg3.media.net	c.pm-serv.co
1	sync.go.sonobi.com	1 redirects
1	image4.pubmatic.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
1	mnadshield-a.akamaihd.net	hbx.media.net
1	warp.media.net	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
1	hbx.media.net	90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	fonts.gstatic.com	www.mediafire.com
1	ad.crwdcntrl.net	cdn.otnolatrnup.com
1	hbopenbid.pubmatic.com	www.mediafire.com
1	prebid.media.net	www.mediafire.com
1	otnolatrnup.com	cdn.otnolatrnup.com
1	api.amplitude.com	cdn.amplitude.com
1	ad.doubleclick.net	www.mediafire.com
1	www.facebook.com	www.mediafire.com
1	cdn.otnolatrnup.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
1	privacy.gatekeeperconsent.com	the.gatekeeperconsent.com
1	static.cloudflareinsights.com	www.mediafire.com
1	translate.google.com	www.mediafire.com
1	www.ezojs.com	www.mediafire.com
1	btloader.com	www.mediafire.com
1	the.gatekeeperconsent.com	www.mediafire.com
0	id5-sync.com Failed	cdn.id5-sync.com
328	138

This site contains links to these domains. Also see Links.

Domain
download2299.mediafire.com
blog.mediafire.com
fast.io
mediafire.zendesk.com
translate.google.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-30` - `2023-09-30`	a year	crt.sh
gatekeeperconsent.com GTS CA 1P5	`2023-07-05` - `2023-10-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-06` - `2024-07-05`	a year	crt.sh
www.ezojs.com GTS CA 1P5	`2023-07-13` - `2023-10-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2023-01-12` - `2024-02-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-21` - `2023-08-19`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
ezoic.net R3	`2023-07-19` - `2023-10-17`	3 months	crt.sh
ezodn.com E1	`2023-07-02` - `2023-09-30`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
prebid.media.net GTS CA 1D4	`2023-07-05` - `2023-10-03`	3 months	crt.sh
*.sharethrough.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2023-08-02` - `2024-08-13`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-06-27` - `2023-09-25`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
adentifi.com Amazon RSA 2048 M01	`2023-07-06` - `2024-08-03`	a year	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
c.pm-serv.co R3	`2023-07-12` - `2023-10-10`	3 months	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-11` - `2024-09-11`	a year	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-11-30` - `2024-01-01`	a year	crt.sh
beacon.lynx.cognitivlabs.com Amazon RSA 2048 M02	`2023-03-31` - `2024-04-28`	a year	crt.sh
*.z.antigena.com Sectigo ECC Domain Validation Secure Server CA	`2023-04-03` - `2024-04-02`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh
truffle.bid R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
*.iprom.net R3	`2023-05-23` - `2023-08-21`	3 months	crt.sh
*.thrtle.com Go Daddy Secure Certificate Authority - G2	`2023-03-22` - `2024-04-22`	a year	crt.sh
*.app.kargo.com Amazon RSA 2048 M02	`2023-02-21` - `2024-01-18`	a year	crt.sh
*.bfmio.com Amazon RSA 2048 M02	`2023-03-17` - `2024-04-14`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh

This page contains 64 frames:

Primary Page: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Frame ID: 3EDB42ACDB4F45EE49E9EA93B1CD0E7D
Requests: 112 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
Frame ID: 5ED8B1F3A57B7EBF82C65B6D4F724015
Requests: 3 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js
Frame ID: 9B28B80B212D742455D48024C64BB441
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 77C19099DF5F55D0D7987475C27C7F07
Requests: 1 HTTP requests in this frame

Frame: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D72643212A1F9A70DBA1F12B3BEDF785
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 9099215E6B7867A869CD5533C008C918
Requests: 1 HTTP requests in this frame

Frame: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2BF7A7ECA15A7D55A85BFDFEFDF2B612
Requests: 8 HTTP requests in this frame

Frame: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 077C06365DBF55E18C5466E3264C12DF
Requests: 8 HTTP requests in this frame

Frame: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5D094B36C7A3458417D48E1CA354A368
Requests: 12 HTTP requests in this frame

Frame: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8E5F7EF07239DABCD89A27088A418F97
Requests: 8 HTTP requests in this frame

Frame: https://www.googletagservices.com/dcm/dcmads.js
Frame ID: 9E3477DFCA48247D7A0777262D51DABD
Requests: 18 HTTP requests in this frame

Frame: https://www.googletagservices.com/dcm/dcmads.js
Frame ID: 8BB3246FD6169336EAD00DB9D1381DD7
Requests: 18 HTTP requests in this frame

Frame: https://www.googletagservices.com/dcm/dcmads.js
Frame ID: C9FD537BA0B314869C30ABDD87BB24FE
Requests: 18 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: DC2356CFD92F64A788115C1E148BC1CD
Requests: 7 HTTP requests in this frame

Frame: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570253&imprId=E8BD10C3-FFE2-40FC-97AA-0C1D187CBCA8&cksum=935D0A76082AA911&adType=10&adServerId=243&kefact=1.399469&kaxefact=1.399469&kadNetFrequecy=0&kadwidth=300&kadheight=250&kadsizeid=9&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.332827&dcId=2&tldId=0&passback=0&svr=BIDNYC30118&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZMBEAwAcKO-SUG5QkLRTNLEcp7Owy7s57MCjyRpD0GNw&ekaxefact=ZPPWZM5EAwCdhgS4JeEebQ2TPJ_l1DjYDUPvfor0iv9w3vKh&ekpbmtpfact=ZPPWZNtEAwBLvhS-P9NDP0oL_xHzpSkMA_Imcehi47yTjsqy&enpp=ZPPWZOlEAwDbdBm6xgqwDryaOSkiHFRzlWraSDJ4YACbV0Yq&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334144&lpu=aircanada.com&ucrid=9866637068300546854&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=CE06B20E-92DC-4961-A73E-13D7C520DDDF&ver=11&dateHr=2023081202&oid=E8BD10C3-FFE2-40FC-97AA-0C1D187CBCA8&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Frame ID: E66BB7F0634FBC84BE9EBD979DF38881
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 6406C3EC1C33F75B79D1A57BEC20BA14
Requests: 7 HTTP requests in this frame

Frame: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570256&imprId=263CA70E-B675-497A-9676-A199C1ED48C0&cksum=1551A2F381F3F870&adType=10&adServerId=243&kefact=1.633612&kaxefact=1.633612&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.555821&dcId=2&tldId=0&passback=0&svr=BIDNYC30434&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZD9GAwBNDEiFlJp6Rv4c3ZwuazVkDOblB3t3bR-oDTjW&ekaxefact=ZPPWZFRGAwA1vZ6nhf3AE5Cu564WAeCHjMIYucyoymw3DNKI&ekpbmtpfact=ZPPWZGJGAwD1AUrjZBTW2QCqe5Z9gFQLBXE_rJgBdg4EZ_kv&enpp=ZPPWZG5GAwAcfJeq5NylYswua7LBdceJ7WS12C6wDqmI7mef&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334143&lpu=aircanada.com&ucrid=10124167893140677826&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=F8F1269C-B029-44BD-A08B-C2A771D44469&ver=10&dateHr=2023081202&oid=263CA70E-B675-497A-9676-A199C1ED48C0&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Frame ID: 962D6891CB76708524BC26291FAE7E78
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A80FE62BA4DD7DA469BDD8A03FBF2071
Requests: 10 HTTP requests in this frame

Frame: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570251&imprId=0381211E-2317-4AA6-B3C0-74D8F3ECEF54&cksum=5A68120062F8DC7&adType=10&adServerId=243&kefact=1.737306&kaxefact=1.737306&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.654577&dcId=2&tldId=0&passback=0&svr=BIDNYC30112&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZMtdAwBqNF4JUpdawJo7w-TaN5WGDaDCTSyzaW41S_PZ&ekaxefact=ZPPWZOBdAwCx2_j0IepiPZba4GmvDOaFPzJu-T1Uc2q95pge&ekpbmtpfact=ZPPWZP1dAwAX6D5ydXeOjhYSZ23RQHQRSI-ZjzAhBQFC0J1L&enpp=ZPPWZA9eAwA7l5P17SHWQ8qrKOQtWEqLAh_lFq345V3mGV9Z&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334143&lpu=aircanada.com&ucrid=10124167893140677826&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=BA0E51CE-1012-49D7-8BD2-8E51931BC0C9&ver=13&dateHr=2023081202&oid=0381211E-2317-4AA6-B3C0-74D8F3ECEF54&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Frame ID: 06643342914B0F0F39BCD7E34E548246
Requests: 1 HTTP requests in this frame

Frame: https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html
Frame ID: B838E4DDDD8931E02E69EF3FE98E2C2D
Requests: 4 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: EEE745D5AAF64EC51FA6EABBF5A3C224
Requests: 2 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZNbzaAAErzcYwQA4
Frame ID: 2C3B88165A82DD2AFBB4E0CDD6D1BAB5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=968625789851924408
Frame ID: 1D26675B4D2E9A84F3947A66A5FF9AB2
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: DF812C48AEECC568CD7E86FA50A32F92
Requests: 1 HTTP requests in this frame

Frame: https://c.pm-serv.co/sr/2722522032/SAFEFRAME.html?ule=2384&&kkdd=A3%7CW%7C9uh3*AnH&Rw=hSMhCOCShUMVT_JTSUT&DeWE=O&YuWb=O&(u-d=yTTU&-we=C83AVUZOK&-W-e=DLami3hSYvQG!HzRL8crai%3D%3D&-Ewe=MhShU_UCS&uwnd=UOO*T_O&--=8K&u-=0j&-1zY=r8!&Wwe=C!04_rCgS&(Wwe=26glpTC&1((Wu=h&EEE=4SadqsXYjVU37_kZWgXW*7Z(CvlpCL()bhfczNrnwm9C!uSJbZMhn9yawvmhuACD40b300pO5T*2XGge6Qs0k!()0NHVSU4AOKa!VfjUUlm26Kq8kn)pLK%3D%3D&zud=_&Xi=h&sDe=J&be(h=C83.9j7VJ&be(T=TThUUVJVC&aeb(b=ueT%3DzsXXo((%3DCT_OowsEX5X%3DOo~DdEWY%3DOBh_oRi5d*-%3DOBMhoRwu5ue%3DTCOoe-T%3Dhou-e%3D~zoR5buz%3DhUSVCVoRXTE5ue%3DTOTUOChhTOowsEX5a%3DUhOhBOSosEX5(f-%3DOou(e%3D_OJM_SUTVo9!%3DBxRwed~BxoRwu5sEX5a%3DOBCCowW%3DhnvdhLokaa%3DOoRwu5sEX5X%3DUOoEwwWsb%3DO%2COod(%3DhSoE-%3DT%2CJMoEWu5ue%3DTOTUOChhTOoRwu5a%3DCCTBMJosEX5a%3DOBUToRXTE5sEX5a%3DOoRXTE5sEX5Rw%3DhrchSosEX5(Rw%3DOosEX5X%3DOoD-b(%3D_OhJOOoaa%3DhTCoRR%3DOoXTE5a%3DhOOOodEWY%3DOBh_oRXTE5sEX5f-%3DOrOoRXTE5sW5X%3DTOoaY%3DhobUW5a%3DSBTT%2CTSB__ouwe%3DC-adVMbTJJMeVeV-aCCVkaSC_SddhUaboue%3DOoswe%3DT)bZYumYGwhjJA*)_7oa(e%3DTTUMChUUSOVSM_VVOJCSS_OUJ_OMTOTOChTUOJOSJCS_JhT_UOChSTUhOMhJVJUCVhJJCMhTCCJVMUSMV_SJCMTVJTTOVVh_VVVUUhTofa5uE-%3DfaaoRis%3DOBMhoeTW5X%3DhOoUW-k%3DhOhOoswY%3DOoeYY5u(ED%3Dd-WoRXTE5sW5a%3DOoeTW5a%3DOBMCo~DeTW5a%3DOBMSoRsEX5a%3DOBMUouu%3DjKo--%3D8Kofa5eX%3Dz%2Fboswi%3Dcho-d%3DOoEWu5a%3DTSB__oRsEX5X%3DOo8)%3DTMCJofa5s-%3Dhoz(u%3Dhofa5sX%3Dz%2Fbofa5--fu%3Dho9!T%3DBxe~izX~beBxo-(%3D(~E~z(~oauu5A2p%3DjK%2CjKowRsEX5a%3DhBOCo!Q%3DOowuwk%3DOofa5((%3DOoawe%3DOBh_ofa5W(%3Dj~(%20!E~-duudeoe-%3DCoRXTE5a%3DSBTTowRsEX5X%3DOo-aeW%3DOBhUToaua%3DOo(Du%3DUOO*T_Oozun%3DhoauW%3DOo(Y*%3DTJUow(LWd5we%3DToudXXdE5(bD5we%3D_OJM_SUTVousWWXL5(bD5we%3D%2FThCCTCJJOTV%2Fgduf(~WcG~zdUoed(d-(de5(bD5we%3DoRwdibawXw(L%3DOBMhoW~u%3Dho-(E%3DJBMUJVUJCMVSCCOUhrcJobeaXf%3D_OJM_SUTVobYW%3Dho-bEEwdE)e%3DOo~Dawe%3DOBh_OoakXE%3DOBOhOouswe%3Doe(-%3Ddbu(5u-owu5~E(a%3DhoeYY5dEWY%3DkbXudoeYY%3Dd-WoaeW-bWe%3DOoebXD%3Dd-W5bs(~ou~aW%3Do1(YX%3Dhoe-s(%3DhOoe~Da%3DOchod-W5sude%3DadX~i5H_Ood-W5W_O%3DOBhVVTTod-W5WV_%3DOB_COJ_owa-%3Dh&z(R=O&YYY=sl~ujk)gHrf%3D&wi=UOO&wz)kE=h&aeE)e=J_M&iXu(W=h&Y-k=CJUST&LeuWE=h&abd=.Jb.HdHJ.Do.Jb.HdbD.DoJdd&fb(WEd=h&fb(awe=chOT&-be~Ybwz=(nvc1y-Xcy5Yh)rja~l1p2hhOVC_qfuuH-gKqu)u_qF%3D&wuwe=_&beR=!EdYwsY%206dbE-1du&WDwe=WOhJ_JJJM_OM(TOTUOChTOT_O&uuXe=%7B%22uuwW%22%3A%22CSBJCBhJBO%22%2C%22uu--%22%3A%228K%22%2C%22uuu-%22%3A%228Kc0j%22%2C%22uu-(L%22%3A%222~E~z(~%22%7D&1(YXuE-=h&(-k5-YW=h&ure=1
Frame ID: F57EEC679F3DFF1309F24E64FE0510F5
Requests: 5 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUBMNV74&prvid=2034%2C2033%2C3022%2C2031%2C2030%2C3020%2C251%2C273%2C175%2C2009%2C178%2C255%2C2028%2C3018%2C2027%2C3017%2C214%2C2025%2C336%2C117%2C3014%2C359%2C459%2C99%2C77%2C38%2C3011%2C182%2C3010%2C261%2C141%2C262%2C461%2C222%2C201%2C3007%2C246%2C301%2C4%2C203%2C225%2C10000%2C80%2C9&itype=EBDA&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Frame ID: B683157D4BBE3FC1206915466F09D070
Requests: 9 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=6&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086141673348102148992256000V10&ovsid=969751690948724780
Frame ID: 9C0F4D04057D60DC4E1F8A3B744A2B6A
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: C8B4657FC5A574B31C4ACB74D78BAEE8
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Frame ID: 2EEDFDFF49E2A32B567BD7BAC2344E00
Requests: 17 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086154383348102148992256000V10&ovsid=1783777324017357651
Frame ID: CB5E74CAC2D90F80F297831567402E9D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
Frame ID: AF5E81924A270C75D2D1153AD9674B6A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6509273573175081155&gdpr=0&gdpr_consent=
Frame ID: 699D35BDA66CC3F300D2EFF5069027BF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
Frame ID: 3ADB4920A70E523B780019BBD0E20F53
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 0869082F26D16E7C1045FB3120CD1EB0
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn
Frame ID: BD31F9D25DB9B8F89544324D2B650B6D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: A20070A8982F180067494A90B826FAE1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
Frame ID: D75743AB882282E08D3EA949DCEE8F26
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1824226777820254603&gdpr=0&gdpr_consent=
Frame ID: B575A014F1C7BE551A97FD655D074400
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
Frame ID: 2FE0AB908F45A9C02EC7D0A17A0A124D
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 3D44ED2BCD85FD223FB80A76844AB2FC
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0pzrc4KbuXzJzOp33JqiINOR7nPJy-sm0ct-seGD
Frame ID: 03749B0EDA3873071487342CF978753B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: D330DE5D3712D9408A12309498891203
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=c3Z9WCaRXJBBFEK6nxsb1lYwDiI&gdpr=0&gdpr_consent=
Frame ID: DBF8DA95F77D8EFB748C757B8BED99B4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:YRRi7ETa1QuEHJ5&gdpr=0&gdpr_consent=
Frame ID: CB83ADD02FA115CD7C6E1726F7AF75FC
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: E4FF560F4C8263249CDD2C24E5A22A6E
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC
Frame ID: 8A96E0C23F280B20A81FF680432D33BB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Frame ID: 6A28AC712E4E5293F8E03086080E2725
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 64AC7448D2D48A2318DF7F86B72BA079
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=812464508980
Frame ID: 7F35E52D474EFF602AE483D6AE2BB6B7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU4ba08041be904fa589279f9421e44f32&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
Frame ID: A72581B911D94EF89FB291481028F2A9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005
Frame ID: 8076FAC02F72362AA8D5145B36F945E7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=dbaGYXGaAsW_N1pCb_PWZA
Frame ID: C331C8F15DE4263E5FC563B9CEAEB688
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 86C9CBCB5ACACFAF76926BF7DE420DA2
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7eef817a-c7f0-485d-bb82-8ef687d3ea3b
Frame ID: EFD0DDDA490EBEA9D16CE5854D0AB1B9
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 7FF3D0B556089FA649FB2F8A742FAAD2
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: A1EAAD9599D96A5DF9720E28A767E6F6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7450950221899324102
Frame ID: 103DD5BD11C81E7D35E8857B7C6168B2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:497B82719425476FA94697E20A366A4D&gdpr=0&gdpr_consent=
Frame ID: 711B9B99B6FC270FC12833CC3F2215E3
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Frame ID: 23BA0375145372EF5B5BE93C2062BE7C
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Frame ID: 71D7ADFDFDE4AD0AB22E0D9A1D446F33
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Frame ID: 66BAA21C848A8345C084D51AEB6D9181
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Frame ID: 51F5E3B372B2EFEE4F87D6DBCCFE557A
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A17997399903E7DA6A39BF7657D97283
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 15014D4097E402FC4A8D546ADD47AAC3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Omegle loading video- Free Download

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

328
Requests

83 %
HTTPS

0 %
IPv6

93
Domains

138
Subdomains

82
IPs

7
Countries

2086 kB
Transfer

6028 kB
Size

155
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://download2299.mediafire.com/1all4yl2awzgRVFQN3CRypyO3DRXj6L0SNlRo8ypBfTg6zwkdgB9KvERBui1EVZk3Uq6QXvGcuwVrHXCyNI_gnRf07rteGYpZKuoPOrknqOTBw8YcR-YB9FROf_MgHX6XSPTtREdwVK8P19m5YRVi8cu774uqz_ojTuxnDSi6NTf/2vx6675c5wkf95s/Omegle+loading+video-+Free+Download.mp4
Title: Download (326.96KB)

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://fast.io/
Title: Team File Sharing

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

URL: https://twitter.com/mediafire
Title: Twitter Page

Search URL Search Domain Scan URL

URL: https://blog.mediafire.com/
Title: MediaFire Blog

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

Request Chain 65

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6

Request Chain 89

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp&cc=1

Request Chain 119

https://rtb.adentifi.com/CookieLotame?gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 120

https://rtb.adentifi.com/CookieKrux?gdpr=0 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 121

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0 HTTP 302
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 303
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=593af67a18f44085aea8fae1206c4dec HTTP 303
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 122

https://rtb.adentifi.com/CookieThrotle?gdpr=0 HTTP 302
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 302
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=3bb5b120-63fc-43c1-a977-709af6411a48

Request Chain 132

https://rtb.adentifi.com/CookieLotame?gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 133

https://rtb.adentifi.com/CookieKrux?gdpr=0 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 134

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0 HTTP 302
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 303
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=e527ffcb16bb4b7489c0e5bb9408cf52 HTTP 303
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 135

https://rtb.adentifi.com/CookieThrotle?gdpr=0 HTTP 302
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 302
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=63945211-b9ad-4f73-b03b-af567813f4f4

Request Chain 146

https://rtb.adentifi.com/CookieLotame?gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 147

https://rtb.adentifi.com/CookieKrux?gdpr=0 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 148

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0 HTTP 302
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 303
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=0e7b45fe85814d68a1d8e068e82a87eb HTTP 303
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Request Chain 149

https://rtb.adentifi.com/CookieThrotle?gdpr=0 HTTP 302
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd HTTP 302
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=d9840368-9420-4ba8-8f4e-7f8b0eb9cd94

Request Chain 175

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZNbzaAAErzcYwQA4

Request Chain 176

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=968625789851924408

Request Chain 177

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDRFNjA1MDctM0Q2RS00Qjg2LUJDNjUtMDc0QTAzQTBBOEJD&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFBXn7OfJmrSDd4kLz0XOTI&google_cver=1

Request Chain 180

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:497B82719425476FA94697E20A366A4D

Request Chain 181

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f47a966-b427-4320-bc28-81b881249716&gdpr=0&gdpr_consent=

Request Chain 182

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2778506454670933063&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 184

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sWpjIptE2uVHcR.DWHs_gSwyRafDAz4-~A&gdpr=0

Request Chain 188

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Drkt%26refUrl%3D%26vid%3D18086141673348102148992256000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=6&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086141673348102148992256000V10&ovsid=969751690948724780

Request Chain 189

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=[UID] HTTP 302
https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=c05c2308-1beb-44b3-94bf-f9ad2dcc55ea

Request Chain 190

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzM0ODEwMjE0ODk5MjI1NjAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHcx54AMW0a8aFTSajpM7eQ&google_cver=1

Request Chain 191

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086141673348102148992256000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086141673348102148992256000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086141673348102148992256000V10&ovsid=ZWGwQDBy1QuEHJ5

Request Chain 192

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=ae35350f-54ef-4faa-aa35-923f5bed90ca&ssp=medianet&gdpr=0 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=

Request Chain 193

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Dzem%26refUrl%3D%26vid%3D18086141673348102148992256000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=l5cgCCrvH8Bt2IR0Zk6g&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTMZ3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBWEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUYTQMBYGYYTIMJWG4ZTGNBYGEYDEMJUHA4TSMRSGU3DAMBQKYYTAJTWONUWIPJTGM2DQMJQGIYTIOBZHEZDENJWGAYDAVRRGA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTMZ3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBWEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUYTQMBYGYYTIMJWG4ZTGNBYGEYDEMJUHA4TSMRSGU3DAMBQKYYTAJTWONUWIPJTGM2DQMJQGIYTIOBZHEZDENJWGAYDAVRRGA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086141673348102148992256000V10&vsid=3348102148992256000V10

Request Chain 194

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3348102148992256000V10 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3348102148992256000V10 HTTP 302
https://contextual.media.net/cksync.php?type=mf&ovsid=ae35350f-54ef-4faa-aa35-923f5bed90ca&cs=1

Request Chain 195

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=0f47a966-b427-4320-bc28-81b881249716

Request Chain 196

https://creativecdn.com/cm-notify?pi=medianet HTTP 302
https://creativecdn.com/cm-notify?pi=medianet&tc=1 HTTP 302
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

Request Chain 208

https://pm.w55c.net/ping_match.gif?st=ShareThrough&rurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DYnUBs5Yz9Zqjy9VCcoCxquFP%26source_user_id%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=ShareThrough&rurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DYnUBs5Yz9Zqjy9VCcoCxquFP%26source_user_id%3D_wfivefivec_ HTTP 302
https://match.sharethrough.com/sync/v1?source_id=YnUBs5Yz9Zqjy9VCcoCxquFP&source_user_id=YRRi7ETa1QuEHJ5

Request Chain 209

https://x.bidswitch.net/sync?ssp=sharethrough&user_id=e99c59d0-4d54-4f2d-892e-d66ddd61f9c6&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy= HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=sharethrough HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=sharethrough HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=7333337892909792278&ssp=sharethrough HTTP 302
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

Request Chain 211

https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LL7F62HL-1A-EZMV&gdpr=0

Request Chain 213

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Drkt%26refUrl%3D%26vid%3D18086154383348102148992256000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086154383348102148992256000V10&ovsid=1783777324017357651

Request Chain 214

https://creativecdn.com/cm-notify?pi=medianet HTTP 302
https://creativecdn.com/cm-notify?pi=medianet&tc=1 HTTP 302
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

Request Chain 216

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086154383348102148992256000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086154383348102148992256000V10&ovsid=YRRi7ETa1QuEHJ5

Request Chain 217

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=68ec1a45-4112-4d0d-b841-df8394c0f20d

Request Chain 218

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Dzem%26refUrl%3D%26vid%3D18086154383348102148992256000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=l5cgCCrvH8Bt2IR0Zk6g&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTMZ3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUYTQMBYGYYTKNBTHAZTGNBYGEYDEMJUHA4TSMRSGU3DAMBQKYYTAJTWONUWIPJTGM2DQMJQGIYTIOBZHEZDENJWGAYDAVRRGA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTMZ3IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUYTQMBYGYYTKNBTHAZTGNBYGEYDEMJUHA4TSMRSGU3DAMBQKYYTAJTWONUWIPJTGM2DQMJQGIYTIOBZHEZDENJWGAYDAVRRGA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086154383348102148992256000V10&vsid=3348102148992256000V10

Request Chain 224

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBNXFVN0pyZWNBQUNjX084TUtadw&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://sync.technoratimedia.com/services?uid=AAFAlE7JrecAACkwHjAhPg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 307
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F%252Fmatch.prod.bidr.io%252Fcookie-sync%253Fgdpr%253D0%2526bee_sync_partners%253Dpp%25252Csas%25252Cpm%2526bee_sync_current_partner%253Dsyn%2526bee_sync_initiator%253Dadx%2526bee_sync_hop_count%253D2%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F%252Fmatch.prod.bidr.io%252Fcookie-sync%253Fgdpr%253D0%2526bee_sync_partners%253Dpp%25252Csas%25252Cpm%2526bee_sync_current_partner%253Dsyn%2526bee_sync_initiator%253Dadx%2526bee_sync_hop_count%253D2%26uid%3D&s=191740&C=1 HTTP 302
https://sync.technoratimedia.com/services?srv=cs&nuid=3EF19D5DA37645C09668ADD2F6DD6276&att=1&pid=82&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&uid=ZNbzafQBmdgSEg05bWZQ9wAA%261357 HTTP 307
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?ev=AAFAlE7JrecAACkwHjAhPg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAFAlE7JrecAACkwHjAhPg&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partneruserid=AAFAlE7JrecAACkwHjAhPg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=5640036438096218636&gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=

Request Chain 225

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6509273573175081155&gdpr=0&gdpr_consent=

Request Chain 226

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f

Request Chain 228

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn

Request Chain 229

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 230

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=7b3ed5b2ec7205e8&is_secure=true&networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAB8WfIG8qf4gNXqjm6AAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 231

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=894068b6-2b30-4266-8b3b-4ed3715aea63&gdpr=0&gdpr_consent=

Request Chain 232

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=c062d3d9-54db-430e-bf46-3625d2539b54&expires=1&user_group=5&ssp=pubmatic&bsw_param=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=

Request Chain 233

https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0

Request Chain 234

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGQWxFN0pyZWNBQUNrd0hqQWhQZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?ev=AAFAlE7JrecAACkwHjAhPg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAFAlE7JrecAACkwHjAhPg&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partneruserid=AAFAlE7JrecAACkwHjAhPg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=2618455391205067311&gdpr=0&gdpr_consent= HTTP 303
https://sync.technoratimedia.com/services?uid=AAFAlE7JrecAACkwHjAhPg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D2618455391205067311%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0 HTTP 307
https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D46%26cb%3Dhttps%253A%252F%252Fmatch.prod.bidr.io%252Fcookie-sync%253Fgdpr%253D0%2526gdpr%253D0%2526userid%253D2618455391205067311%2526gdpr%253D0%2526gdpr_consent%253D%2526bee_sync_partners%253Dpm%2526bee_sync_current_partner%253Dsyn%2526bee_sync_initiator%253Dadx%2526bee_sync_hop_count%253D4%26uid%3D%24UID HTTP 302
https://sync.technoratimedia.com/services?srv=cs&nuid=3EF19D5DA37645C09668ADD2F6DD6276&att=1&pid=46&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D2618455391205067311%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&uid=6509273573175081155 HTTP 307
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&userid=2618455391205067311&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=

Request Chain 235

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1824226777820254603&gdpr=0&gdpr_consent=

Request Chain 236

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f

Request Chain 237

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=332e1686a240067b&is_secure=true&networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACTWuxx3lbvwMV5PfnAAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 239

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4747720e-b039-4350-8100-38c901466cfa&gdpr=0&gdpr_consent=

Request Chain 240

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c095565d-cb0a-4027-b32a-eb9a24889f27&user_group=1&ssp=pubmatic&bsw_param=8c1fa4d4-d86f-4c58-b47d-bc009fd65439 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 241

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0pzrc4KbuXzJzOp33JqiINOR7nPJy-sm0ct-seGD

Request Chain 242

https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0

Request Chain 243

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 254

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=c3Z9WCaRXJBBFEK6nxsb1lYwDiI&gdpr=0&gdpr_consent=

Request Chain 255

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:YRRi7ETa1QuEHJ5&gdpr=0&gdpr_consent=

Request Chain 256

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 257

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=83f29d8e-a354-4085-b109-2fae813b68ea&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC

Request Chain 258

https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent= HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw%26piggybackCookie%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=

Request Chain 259

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 260

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=812464508980

Request Chain 261

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1OYFBz1uS4a8ZQdKA6CovA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 262

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f47a966-b427-4320-bc28-81b881249716&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%2C%2C

Request Chain 264

https://eb2.3lift.com/xuid?mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=

Request Chain 265

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R35CAB_10745C7CA_569779A6&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 267

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7333337892909792278

Request Chain 272

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU4ba08041be904fa589279f9421e44f32&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D

Request Chain 273

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1691808622644 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=108259672 HTTP 302
https://sync.1rx.io/usersync/turn/2778506454670933063?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005

Request Chain 274

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=dbaGYXGaAsW_N1pCb_PWZA

Request Chain 276

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7eef817a-c7f0-485d-bb82-8ef687d3ea3b

Request Chain 279

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7450950221899324102&uid=Q7450950221899324102&ref=%2Fepm HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7450950221899324102

Request Chain 280

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:497B82719425476FA94697E20A366A4D&gdpr=0&gdpr_consent=

Request Chain 285

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6509273573175081155

Request Chain 315

https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0 HTTP 302
https://ups.analytics.yahoo.com/ups/58736/cms?partner_id=LOTME&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-wO59MpFE2py6qLAP.sbbIQdxa9xDP5TEDas-~A&gdpr=0

Request Chain 316

https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=0f47a966-b427-4320-bc28-81b881249716/gdpr=0/gdpr_consent=

Request Chain 318

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D281%2Ftp%3DANXS%2Ftpid%3D%24UID%2Fgdpr%3D0%2Frand=474985345 HTTP 302
https://sync.crwdcntrl.net/map/c=281/tp=ANXS/tpid=6509273573175081155/gdpr=0/rand=474985345

Request Chain 319

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=1981ee695b2b84cbb6bd3e699424e366&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D&ch= HTTP 302
https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D3a3c754e-49da-4120-808f-90244ab39d1e%252Chttps%25253A%25252F%25252Fsync.crwdcntrl.net%25252Fmap%25252Fc%25253D10158%25252Ftp%25253DTPAD%25252Ftpid%25253D3a3c754e-49da-4120-808f-90244ab39d1e%252C HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6509273573175081155&pt=3a3c754e-49da-4120-808f-90244ab39d1e%2Chttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%253D10158%252Ftp%253DTPAD%252Ftpid%253D3a3c754e-49da-4120-808f-90244ab39d1e%2C HTTP 302
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=3a3c754e-49da-4120-808f-90244ab39d1e

Request Chain 322

https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP HTTP 302
https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=3903d6a14a5d11f070e291db4989000e

Request Chain 324

https://sync.srv.stackadapt.com/sync?nid=lotame&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-73767d58-2691-5c90-4114-42ba9f1b1bd6$ip$86.48.14.34&gdpr=0&gdpr_consent=

328 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request file Show response
www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/ 307 KB
81 KB 210ms
158ms Document
text/html 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fb1dcff07013557060cdc965f4d3db6ece1eab17b3e2cafd0c9dcbf0defff25

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 7f5568cb9c6636c0-YYZ
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:11 GMT
expires: 0
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow

GET
H2 200 cmp.min.js Show response
the.gatekeeperconsent.com/ 21 KB
8 KB 81ms
27ms Script
application/javascript 172.67.144.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.144.62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa0d059cc02895fb68d146144f99912d04e034b5463ebc119bd74b045417732b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 12 Aug 2023 02:44:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 293
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aaU6TYQiDgDmS%2Bc7a%2F7YQj57unlvmv2khN9nJY6Czq8uQ3jHFDSXWBPzCwSl1v9ss2CuGyfcusKUXBqgJrj29ahDlRaZf1C1HUv5i0NcjSsJbHLRVs0uj0KNDqduWFmEygiVJ94OmGFTSikh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=14400
x-robots-tag: noindex
cf-ray: 7f5568cd3eb639cb-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 164 KB
61 KB 118ms
48ms Script
application/javascript 142.250.80.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.72 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0ba00d00f24a26bd226f0bb7d0d103a7fcf6839d7d4b9210e04cbf59c71c2318

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61592
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 12 Aug 2023 02:50:11 GMT

GET
H2 200 tag Show response
btloader.com/ 15 KB
7 KB 72ms
23ms Script
application/javascript 104.26.6.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 055dafe5d715713d106c15306e2bb69ec70ef268aa604e934d7c57b0ba4b5b3d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 12 Aug 2023 02:48:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6
etag: W/"2019cf4e6401d4f44354fd76fca22bff"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69c40zjyHNQ5udhdVvCnHXh%2FG7G%2Fv7o0qVyNy6sPF5bu8%2FcjTNERzPp532eljU5dvT30zjw%2F70ejI7e595aXK7U8KxqiccfqkwYiUjfvQZvjWVQuBPL7qm1UQyLuWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7f5568cdad5336c4-YYZ

GET
H2 200 sa.min.js Show response
www.ezojs.com/ezoic/ 125 KB
44 KB 96ms
30ms Script
application/javascript 104.21.93.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/ezoic/sa.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403d274cd57351c6a4b11a33ad7ba717e7f987d6d077ffc7b0cb10ec7288a0af

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 11 Aug 2023 13:43:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47228
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnUme1CcdB4h4tHuRyUXyV%2Fmq%2BpDeLbJUjrbEmFZVPOsyaFS3IDS9rpMCcAax30%2BNn3S64NPnzWmdrPuzCsdto7s0IRXZiPrPjpoqMS6e6gsMuBzpNusn%2BQtPSZ4pClY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=86400
x-robots-tag: noindex
cf-ray: 7f5568cddc56a223-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 85 KB
30 KB 159ms
64ms Script
text/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

3c66bfef67c4e703c1b16e28b6c8ee4da73ddb2bb49ae3d5254bcaaa2b4065ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 109ms
56ms Script
text/javascript 104.16.57.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.57.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7f5568cdcecb36bb-YYZ

GET
H2 200 consent_modules.json Show response
privacy.gatekeeperconsent.com/ 34 B
501 B 75ms
24ms XHR
application/json 172.67.144.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy.gatekeeperconsent.com/consent_modules.json
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/cmp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.144.62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24434236112e2c40b190268b75b5a499d50fa6a4cd93664b9ec82f7852865ebf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9YNtnhX%2F6TVj3m0BN16PcD5%2BZCnBXhAPJnwoj01cqtNLbsA5R3rJCxq17FCceWHf5Ooz9gN39qN8qg%2BzV5ZKJyr50Ip18Q%2BbTH7dIqntTqFle4Wdfl7hJi04DpITOS1AfZW2fZHxhSXaoQgGnZIuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=15780000, public
cf-ray: 7f5568cdbf1436ae-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 34

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 118ms
38ms Script
application/javascript 18.164.115.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.115.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-115-7.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 00:23:18 GMT
content-encoding: gzip
via: 1.1 83fa5376b39b1a76db557ab22fa73856.cloudfront.net (CloudFront)
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
x-amz-cf-pop: JFK50-P6
age: 1391214
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22154
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
server: AmazonS3
etag: "660c3b546f2a131de50b69b91f26c636"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 1wrLyvRGUb40lcyDR6PB0QHOA6JeXD07Mcm9B2J_BoIJ_M-XvmNTtQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 240 KB
77 KB 61ms
60ms Script
application/javascript 142.250.80.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.72 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

42d1bd1c387d39e4717a1c6ced827a9e0fb0cbba6d66c259b8a84840721b9216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78463
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 12 Aug 2023 02:50:11 GMT

GET
H2 200 mf_logo_full_color.svg
static.mediafire.com/images/backgrounds/header/ 3 KB
2 KB 49ms
39ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
server: cloudflare
age: 12216
etag: W/"5813cfb2-d1d"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cd8f4136c0-YYZ

GET
H2 200 file-video-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 44ms
33ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-video-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20ab807515e08c1191e94fedab15f20c459af2235c27cecee7c581705fbe9dbe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10951
etag: "62deda56-8dc"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f5568cd8f4436c0-YYZ
content-length: 2268
expires: Sun, 10 Sep 2023 23:16:49 GMT

GET
H2 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_light/ 36 KB
8 KB 39ms
39ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10825
etag: W/"62deda56-90ab"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cd7f3136c0-YYZ

GET
H2 200 arrow_dropdown.svg
www.mediafire.com/images/icons/svg_dark/ 315 B
340 B 40ms
39ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 11076
etag: W/"62deda56-13b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cd7f3636c0-YYZ

GET
H2 200 check_circle_green.svg
static.mediafire.com/images/icons/svg_dark/ 444 B
375 B 43ms
34ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10973
etag: W/"62deda56-1bc"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cd8f4236c0-YYZ

GET
H2 200 fb_16x16.png
static.mediafire.com/images/backgrounds/download/social/ 181 B
284 B 44ms
36ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 11140
etag: "62deda56-b5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f5568cd8f4636c0-YYZ
content-length: 181
expires: Sun, 10 Sep 2023 23:30:35 GMT

GET
H2 200 infinity.js.aspx Show response
cdn.otnolatrnup.com/Scripts/ 176 KB
53 KB 85ms
33ms Script
application/x-javascript 104.19.214.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.214.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a2c289a27e5543c86bc981ec3834a298be6f16e208b46d5f67869a758a61956

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 12 Aug 2023 02:44:21 GMT
server: cloudflare
age: 225
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/x-javascript; charset=utf-8
cache-control: public, no-transform, max-age=900
cf-ray: 7f5568cdf93736b6-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
681 B 32ms
31ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 12216
etag: "62deda56-247"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f5568cdaf5a36c0-YYZ
content-length: 583
expires: Sun, 10 Sep 2023 19:36:06 GMT

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 5ED8 44 KB
15 KB 174ms
97ms Document
text/html 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

134f6cbb7ebd61ea7bb8b6e67db98e7f6173068b4e6f795f979e5bd13f039c62

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:11 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 4IFQf0eDBttgeMZadKadOGfYpisQnM9xYLm9pecZYJ/GDMo1zXI5GoXA8Xsz4pObLvotlKqVaTvM/VQsF9tkUQ==
x-xss-protection: 0

GET
H2 200 world.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 143 KB
52 KB 43ms
42ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10400
etag: W/"62deda56-23ce2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cddf8d36c0-YYZ

GET
H2 200 continent-na.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 50 KB
19 KB 34ms
33ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/continent-na.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05cfe92d9794a54258a19bfec7ae0faa73f61b66416983136594b4f95bb114dd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8479
etag: W/"62deda56-c817"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cddf8e36c0-YYZ

GET
H2 200 usa.svg
static.mediafire.com/images/flags_svg/ 1 KB
535 B 33ms
32ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/flags_svg/usa.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bacb685be7cec7f41a0270e694fa90c0fb448b2c0ded5f1734baf51050d695c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10086
etag: W/"62deda56-5c7"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cddf9036c0-YYZ

GET
H2 200 flag.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 234 B
273 B 32ms
31ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 10951
etag: W/"62deda56-ea"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f5568cddf9136c0-YYZ

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 102ms
32ms Script
text/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 12 Aug 2023 02:40:55 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 556
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 12 Aug 2023 04:40:55 GMT

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 89ms
41ms Fetch 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
922 B 72ms
23ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2181426
x-guploader-uploadid: ADPycdvOmUcDWHZUXYTZjSa6ymKK5vTnkG2DG1csaWm0CZl7yjgmI4N8fTzabGM7FvFFdu4puuYh82iCOPdY3u3bTuB_Qg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q25EW0gE4A22lREZ2s6UhYteutWBUgPe%2BgMQmQIsLm7IBfTEXEz6OrPHRz%2BVQTOa7ZFeDwdaD%2BBRrCbEuYIoxahUSWpIqqv5TwFv%2FikmGs%2F%2FaD%2FhXKKaaIa7UGrx16kUfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7f5568ce58bca222-YYZ
expires: Mon, 17 Jul 2023 21:50:40 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 108ms
31ms Image
image/x-icon 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 06:52:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 12 Aug 2023 06:52:33 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
327 B 72ms
25ms Image
image/gif 104.26.2.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.0743002765913856
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2181426
x-guploader-uploadid: ADPycdvOmUcDWHZUXYTZjSa6ymKK5vTnkG2DG1csaWm0CZl7yjgmI4N8fTzabGM7FvFFdu4puuYh82iCOPdY3u3bTuB_Qg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6u87XVOwONwaIuyog0CF7hjCTtEV68Vw5q%2BpH6Kn%2BVuxDCuzyiNcwLI%2F4aGeNdfLIz0uckJimXN4DmvORqIx4nEVpScdeu5iuqMbEwjvZd%2FE580hdXzzA2dhtY6rwvspIw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7f5568ce58bda222-YYZ
expires: Mon, 17 Jul 2023 21:50:40 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
78 KB 46ms
46ms Script
application/javascript 142.250.80.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.72 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

58226a8f973d9946708eef4e2bcb15843047454fa801fdb8f6ac1e8d06ee2ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 12 Aug 2023 02:50:11 GMT

GET
H2

200

invisible.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/ Frame 9B28
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

7 KB
3 KB

26ms
25ms

Script
application/javascript

104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7c8ac54b9172ddc0982ceebb9a5128ab6da73a81276fe69921034d7fd0de1fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7f5568cfc9c936c0-YYZ

Redirect headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/7186c00a/invisible.js
cache-control: max-age=300, public
cf-ray: 7f5568ce986136c0-YYZ

POST
H2 200 saa.go Show response
g.ezoic.net/ 13 KB
5 KB 131ms
41ms XHR
text/javascript 50.16.223.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/saa.go
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.16.223.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-223-119.compute-1.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 990e389207cbc5db9675c8dffc8e933f7e7330c0e778c5e6c4c2fa4393d73419

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
access-control-allow-headers: Content-Type
expires: Fri, 11 Aug 2023 02:50:11 GMT

GET
H2 200 boise.js Show response
go.ezodn.com/detroitchicago/ 673 B
893 B 125ms
38ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/boise.js?gcb=195-2&cb=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 03 Apr 2023 17:17:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11262158
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FCN8cvt4R1MU930oXgWO0EJcC05tibyOWCt1C%2BNXKcquEvUGYdKR2BmtETQoNdSlK7dkAweuJVThh0zUjCHeGSL6ofNOYG%2BjGpnp%2BPn2eFoaQw3sc9CsDXIGRko4cjA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029900f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 memphis.js Show response
go.ezodn.com/detroitchicago/ 6 KB
3 KB 128ms
40ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e0449433f5a829a39e7183a95731f17604a3eeca7127eee349f2ed56d19863b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Aug 2023 22:36:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 101633
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ZTMRRfXR7C5vgzBzezWCSOtBeYoaXs0cHNhXZbSk7Bbq7lzIFs9fPBeaRjj30F9%2BasNvwmkMLfqY4pXlzTlOLUFTT625z4wye3xu%2FJ5xXrXAvY2Ot9FaGN8%2Bgtxrk8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029930f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 minneapolis.js Show response
go.ezodn.com/detroitchicago/ 753 B
746 B 127ms
40ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/minneapolis.js?gcb=195-2&cb=4
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bc5c07e0be95a6f4bcee0290f34afc7f488d0b17873727b7b3ace6be6a4e029

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Mar 2023 07:59:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11805673
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRfRQzgVbE%2FsJnUOlXmNyO7ZF%2Bkjqy2EUsLvqqh4ditkG7TYh1Uc8xNsKB7GqWXxzSlSYTA%2FPtbqnMwUlXSU6tHwgOpT%2B3OLKkkuOZ0LaGSXekZnk7R71M19nNIkg6k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029950f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 et.js Show response
go.ezodn.com/porpoiseant/ 850 B
764 B 132ms
45ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/porpoiseant/et.js?gcb=195-2&cb=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59fb884e042986638877395f3d08978aa6a7b31458f1d53d188799e4d677a28

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 23:32:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 875860
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FJAo%2F89gkCveLo9mnQZ7MscFGA1gruo7uxUEEwufJsUd5gWyKjwLgdMxOhGF3fM0he5nnTowG13tXV3whK7xcTc3JM2YyFfTtUB48Jkm5ODOf9rRsJL%2BmAGpV8%2Byhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029960f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 raleigh.js Show response
go.ezodn.com/detroitchicago/ 1 KB
978 B 125ms
39ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-2&cb=6
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 03 Apr 2023 19:08:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11259717
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKM%2Fk%2FaA9aAW7JDuQpkWFDk6eHo%2Fo8goujC04qnUktm6nG0KhmALlZsRoWavpdTgKIw7Jc8xLetX2YnUh4pOUs1LWfVsFtyMdaJIgW%2Bz6J4oVeVcjeL95d%2BqN5IpdpM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029970f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 vista.js Show response
go.ezodn.com/detroitchicago/ 455 B
587 B 134ms
47ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/vista.js?gcb=195-2&cb=3
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7e582de149bb6ebadeca427fa3b399d3e6db337085f6336de368ac68a8fa0d0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Aug 2023 18:33:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 116211
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nn%2BMKI9I6hV8atNiMPKni3%2BfuhdSJiYiFgBh12ExMgOOJCUEytqjqaNxZfUud5qCnHL9iq7fFuR1d7N7GE3IG6Thdwx7FgIQ9gNeKXvjSFb3Tc3SNGJf23nIE%2FLgVKY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d029980f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 tampa.js Show response
go.ezodn.com/detroitchicago/ 748 B
703 B 40ms
40ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/tampa.js?gcb=195-2&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b329df3fc93c69a2430dd885f9f9cc4f5d86aa2736402bc36a86261037ca3bcb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Mar 2023 12:03:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11259717
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjA5SA3qx6Z%2Bib2zv3cOT%2FB9EACsePfvO2rGNWkqceT9LOgkG9Tkej%2FynTk98fKUPmi2IpKHTEYJ0s4nPrsDLmnertxPHMCqoMA4KSlnH2gJTnGQzmSR7YjtWolE%2Bn0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d049a10f37-EWR
alt-svc: h3=":443"; ma=86400

POST
H2 200 / Show response
api.amplitude.com/ 7 B
206 B 283ms
96ms XHR
text/html 52.35.197.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.197.209 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-197-209.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:12 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-64d6f364-409e1c6b367f714a7425b7f9
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 5ED8 299 B
853 B 111ms
32ms Image
image/png 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-fb-debug: Xld1WAKB3maFqTJWXxdDZJu68JMCKQG5fvZTKd1FJCBTIyfgbCErvK2I01RLAUOwUb9LdAhnT4UsI2cAIMZ3Vg==
date: Sat, 12 Aug 2023 02:50:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 299
expires: Fri, 09 Aug 2024 02:09:48 GMT

GET
H2 200 prebid5.17.0.js Show response
www.mediafire.com/js/ 263 KB
82 KB 49ms
49ms Script
application/x-javascript 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/js/prebid5.17.0.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-bgj: minify
server: cloudflare
age: 1862
etag: W/"62deda56-41aec"
cf-polished: origSize=269036
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 7f5568cfd9d436c0-YYZ
expires: Mon, 11 Sep 2023 01:37:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 85 KB
28 KB 151ms
61ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

b6a8163c6514c7be7a550ee3ada78784539712ed45c143cacde732480c70fae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28437
x-xss-protection: 0
server: cafe
etag: 762 / 19581 / 31076971 / config-hash: 9566803040182507923
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 12 Aug 2023 02:50:11 GMT

GET
H2 200 Tag.engine Show response
otnolatrnup.com/ 2 KB
2 KB 107ms
94ms Script
application/json 104.19.214.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://otnolatrnup.com/Tag.engine?time=420&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=96017&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=-480&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.214.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65ae7f8036c33ec2608712f439ed87a34c21e51d1f5e811f14eff3c4de93e1fb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: private, no-transform
cf-ray: 7f5568d00c5036b6-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/ 22 KB
5 KB 105ms
32ms Stylesheet
text/css 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.cxx1ue4THeQ.O/d=1/rs=AN8SPfpgtIztz1wQfUWXQbKcvAvK2rZngg/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.131 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 13:45:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4176
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Aug 2024 13:45:58 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.cxx1ue4THeQ.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpgtIztz1wQfUWXQbKcvAvK2rZngg/ 214 KB
76 KB 103ms
31ms Script
text/javascript 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.cxx1ue4THeQ.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpgtIztz1wQfUWXQbKcvAvK2rZngg/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.cxx1ue4THeQ.O/d=1/rs=AN8SPfpgtIztz1wQfUWXQbKcvAvK2rZngg/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.106 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

sffe /

Resource Hash

4bffdea8f53f96085b1f6d5e1eb5e1c748aad46c20e75e7ca1e64d482af806d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 17:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77524
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 21:28:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Aug 2024 17:23:32 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 43ms
39ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 8bd69d0dddab8bc553263c254faad469c2a3e08bfb0b737e763f7feabe571225

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 41ms
40ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=KtBlAaP8MG&w=5115845767331840&o=5678961798414336&cv=2.1.17-2-g0b33bd3&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&sid=xocHwHm1&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:11 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 tk_WYlkCfdi.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yx/l/en_US/ Frame 5ED8 519 KB
134 KB 98ms
33ms XHR
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yx/l/en_US/tk_WYlkCfdi.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

f03571862f0c2c11f91db91e223cd5d59e6b4e9e572c38c7251ff8dbfa32f908

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ynq3lnXnuC2dOmLaY3Jgjg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 136847
x-fb-debug: A5pO7miq78Rffxc43BS7IFAI/cma3LiAPthdEFLqg3Da4z3wRCL6b1mRVf1uFVsMaS34QWnWu3ieg+nkpIQ8mA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 06 Aug 2024 22:10:15 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 48ms
46ms XHR
text/plain 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=610715742&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile&ul=en-us&de=UTF-8&dt=Omegle%20loading%20video-%20Free%20Download&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=648935044&gjid=1520881840&cid=1193569433.1691808612&tid=UA-829541-1&_gid=1302994950.1691808612&_r=1&gtm=457e3890&cd1=unregistered&cd7=legacy&cd3=video&cd4=51&cd5=mp4&cd8=%2F100%2F&jsscut=1&z=1382971723

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
255 B 113ms
43ms Ping
text/plain 142.250.65.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je3890&_p=610715742&_gaz=1&cid=1193569433.1691808612&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691808611&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile&dt=Omegle%20loading%20video-%20Free%20Download&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.65.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s73-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 119ms
42ms Ping
text/plain 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=1193569433.1691808612&gtm=45je3890&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.63.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bi-in-f155.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 118ms
48ms Image
image/gif 142.251.41.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1193569433.1691808612&gtm=45je3890&aip=1&z=1743478526

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.3 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 7f5568cb9c6636c0 Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 9B28 0
276 B 49ms
48ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/cv/result/7f5568cb9c6636c0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7f5568d16bcd36c0-YYZ
content-type: text/plain; charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 43ms
42ms XHR
text/plain 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-829541-1&cid=1193569433.1691808612&jid=648935044&gjid=1520881840&_gid=1302994950.1691808612&_u=YEBAAUAAAAAAACAAI~&z=109173237

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 edmonton.webp Show response
go.ezodn.com/detroitchicago/ 21 KB
6 KB 39ms
38ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/edmonton.webp?a=a&cb=195-2&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5d9c9f6bbfd42b7c3c63a20fb54ba49978b53f6b981fbabe4d56dd90b2b44ab

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Mar 2023 05:42:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11259718
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H5OGOGSiJgF%2BkosNSxasDseNcm8AXKt8KP4iCIcIATib9uhXUgaBXrFgNXyw1%2B%2BPpDceQvxDwbKLF5vourYJPdL6v9uDZTZNCZLQfApIVuCSlZH8TTOXqtPI5YMmUAo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d18ab20f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 vitals.js Show response
go.ezodn.com/tardisrocinante/ 5 KB
2 KB 40ms
39ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-2&cb=3
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Apr 2023 07:58:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 11213499
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qsuHH2K%2FE4r%2FswZ7iS3Io6t5YRYH4TgfCHFbWwXqVfI2Pjp69rc1Kz3E1JYJAqPuvWYYBxAHmZX93x4XRoacHG0crJBgKE3ZyM4EobFQupekFx4ASEcuYn1CkB5Eos%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f5568d19ab40f37-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 rochester.js Show response
go.ezodn.com/detroitchicago/ 2 KB
1 KB 41ms
40ms Script
application/javascript 172.64.136.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/rochester.js?gcb=195-2&cb=17
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71ac1f412d544231441eabf3f0b2437b769aba569c637a3e9524e6421d781cc9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 372689
x-middleton-display: sol-js
alt-svc: h3=":443"; ma=86400
content-length: 796
last-modified: Mon, 07 Aug 2023 19:18:10 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4RbuT4ZXahdSDejYako4xTuNajAvSMS1x8KMsQE8%2FAeWDuTVo0LENxqC1upuqL1zO%2BRYBD3GIEUe93Uz06mw8YsdESBajFr6UPcAlhEQoud2dgLdXXc5u5P3iZMk3c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 7f5568d19ab50f37-EWR

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 30 KB
10 KB 165ms
117ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUO2689O
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5efd28d69d6d44e5e9ed27b8550d6464b20a507bd8b9f9d5c68e9789c48123cc

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Sat, 12 Aug 2023 02:50:12 GMT

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 637 B
570 B 210ms
108ms XHR
application/json 18.207.17.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.207.17.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-207-17-231.compute-1.amazonaws.com
Software: /
Resource Hash: 70662ada4a7427f43cc2e1c4215f759613bf6ca586b96c559fd139b69d794df3

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 416

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 543 B
510 B 159ms
57ms XHR
application/json 18.207.17.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.207.17.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-207-17-231.compute-1.amazonaws.com
Software: /
Resource Hash: 412cd8a769b578a0721cae27c1e8162a0363af2241047467bc58c1eb9545b156

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 357

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 515 B
656 B 142ms
40ms XHR
application/json 18.207.17.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.207.17.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-207-17-231.compute-1.amazonaws.com
Software: /
Resource Hash: 36272d4861eb58d40d570890ee3aec1d27bbe70c1444b442d4da42624d7b7f0f

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 346

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 345 B
398 B 147ms
46ms XHR
application/json 18.207.17.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.207.17.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-207-17-231.compute-1.amazonaws.com
Software: /
Resource Hash: 7d1815530c1476d4fbcd449d9179aebb295297ec48b4b15bc123c88a8983c6fb

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 245

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 616 B
524 B 153ms
53ms XHR
application/json 18.207.17.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.207.17.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-207-17-231.compute-1.amazonaws.com
Software: /
Resource Hash: 855221f2bad2660657296e432e19d90752d35aaa9387df5c6f858c9bd5896429

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:11 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 371

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 33 KB
5 KB 157ms
72ms XHR
application/json 104.36.115.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 7f3d9b60e90a33328a19ef934c64e5a00542fd76aeeb3cfc3cfbadb8fc876f5d

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 12 Aug 2023 02:50:12 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-openrtb-version: 2.3
content-encoding: gzip
content-type: application/json

GET
H2 200 cc_af.js Show response
tags.crwdcntrl.net/c/4545/ 55 KB
14 KB 117ms
37ms Script
application/json 108.138.128.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/4545/cc_af.js
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-46.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8a1ca667f8be1d9635b262dc3b15aeecc9d61e0fc2457a1f95ccf6d0bc25a37a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 12:15:28 GMT
content-encoding: gzip
via: 1.1 25c8a58d4773aeef98fa0f0f950689bc.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 20:56:51 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
age: 52485
x-amz-server-side-encryption: AES256
etag: W/"a4ff03e3d8274ebe2833a0a33a541e12"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
cache-control: public, max-age=86400
x-amz-cf-id: adFB7echhB4mHjsQJhuAhizU-eoxEw95cD237zfc-a1yjl7TL_nDnw==

GET
H2 200 callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback Show response
ad.crwdcntrl.net/5/c=3722/pe=y/ 131 B
367 B 130ms
35ms Script
application/javascript 54.156.134.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?69351866
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.134.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-134-244.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 3d41b5eccb6d46de2253c6c225a6aef2009f266fc4180385b9d1ad17c19e7329

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/javascript;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.10.56
content-length: 131
expires: 0

GET
H2

200

tpid=9d9d5acd105d470e9b7b9f61880cfdb6
bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/
Redirect Chain

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6
https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6

49 B
741 B

46ms
46ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.36.205
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=3722/tp=ADSP/tpid=9d9d5acd105d470e9b7b9f61880cfdb6
cache-control: no-cache
x-server: 10.40.38.98
content-length: 0
expires: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 125ms
47ms Image
image/gif 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=1193569433.1691808612&jid=648935044&_u=YEBAAUAAAAAAACAAI~&z=2094163777

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.228 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 48ms
48ms Image
image/gif 142.251.41.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=1193569433.1691808612&jid=648935044&_u=YEBAAUAAAAAAACAAI~&z=2094163777

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.3 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/ 400 KB
126 KB 36ms
34ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

238331d3bee21cf334365e5e4f91796e9cc156e3c01c4f0f07cb11a4883158ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 10:36:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58416
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129196
x-xss-protection: 0
server: cafe
etag: 4052064757744512332
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 10 Aug 2024 10:36:36 GMT

GET
DATA 200
OK truncated Show response
/ Frame 77C1 1 KB
1 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
4 KB 1135ms
33ms Image
image/svg+xml 142.250.80.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.99 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f3.1e100.net

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 03:24:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170736
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Aug 2024 03:24:37 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 32ms
31ms Image
image/png 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.131 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 00:14:54 GMT
x-content-type-options: nosniff
age: 9318
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 910
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 11 Aug 2024 00:14:54 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 33ms
32ms Image
image/png 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.131 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 16:00:34 GMT
x-content-type-options: nosniff
age: 125378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 09 Aug 2024 16:00:34 GMT

POST
H2 200 imp.gif
g.ezoic.net/detroitchicago/ 43 B
196 B 37ms
35ms Ping
image/gif 50.16.223.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/imp.gif?ez_orig=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.16.223.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-223-119.compute-1.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
access-control-max-age: 1728000
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.mediafire.com
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type
content-length: 47
expires: Fri, 11 Aug 2023 02:50:12 GMT

GET
H2 200 183096492 Show response
fundingchoicesmessages.google.com/i/ 150 KB
50 KB 88ms
78ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/183096492?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e52305b4dcebd8efb37d3aa279475b70d22f1d5ebefbf2c253d51f1a23c79d73

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-u8wDKHKrctzlDE6ZWTba6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-u8wDKHKrctzlDE6ZWTba6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxU_hKhUBsWwrF_8n5hUE_79kROV-AKess4k0PLcvCzIS8o-Wj3diIdKxE5DgQVMTBHqSqR5MkRcE0isDZ3ej0Q-vZ3vGQVJ0pc6uyMrEJ16-f2cWaNRw8KNSaBDJ_CTtbqrUYAJ1w== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 109ms
108ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU_hKhUBsWwrF_8n5hUE_79kROV-AKess4k0PLcvCzIS8o-Wj3diIdKxE5DgQVMTBHqSqR5MkRcE0isDZ3ej0Q-vZ3vGQVJ0pc6uyMrEJ16-f2cWaNRw8KNSaBDJ_CTtbqrUYAJ1w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkxODA4NjEyLDM5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzJ2eDY2NzVjNXdrZjk1cy9PbWVnbGVfbG9hZGluZ192aWRlby1fRnJlZV9Eb3dubG9hZC5tcDQvZmlsZSIsbnVsbCxbWzgsIlQtRkR6ZVF0UjZjIl0sWzksImVuLVVTIl0sWzE5LCIyIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.T-FDzeQtR6c.es5.O/d=1/rs=AJlcJMw_V9rh8ptu8ozEA5N6fjWXbxqDhw/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

a81e805391d412d3efdb0cddde1c1239462e560dfc9b1aa491cc5cab27b817b5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-e2XGfyO3NODW1jrFaxHZdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-e2XGfyO3NODW1jrFaxHZdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
897 B 74ms
17ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
content-encoding: br
age: 12597
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-yyz4562-YYZ
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 112 KB
26 KB 1084ms
28ms Script
text/javascript 104.22.53.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.53.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Aug 2023 11:32:19 GMT
server: cloudflare
x-amz-request-id: JWEH3WC5MSEDRJNA
age: 3049
etag: W/"25c6f4638264ba52fb77e06351d38d61"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7f5568da3d9636a5-YYZ
x-amz-id-2: yazyUqTn60n6eU1BgtU3QjCSqA1CUyH9Sa3A1QVNvVSYfZTqZdgSjRY5qZG7wsBBcuqfLuQKaTE=

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 58ms
18ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 17:41:04 GMT
content-encoding: gzip
age: 1242548
x-guploader-uploadid: ADPycdvDvZe0Z01jCdHT5Ecf289gk-a53knvKZbHffJXvAwkZSFzklBw6kQIW_HDwuJvNMt9v7xv5p8DSdxbFR7DbWj_RQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 27 Jul 2024 17:41:04 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
13 KB 112ms
47ms Script
text/javascript 74.119.119.131
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.131 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 03 Aug 2023 11:12:29 GMT
server: nginx
etag: W/"64cb8b9d-aa04"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 13 Aug 2023 02:50:12 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 3166ms
35ms Script
text/javascript 18.164.114.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.114.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-114-27.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: null
Date: Fri, 11 Aug 2023 09:10:38 GMT
Via: 1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK50-P6
Age: 63578
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: rbivOWfwIyJKC9pabY1FtTovBvcKMjI67ndydoeDs_zwLoyOzp9rWw==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 38 KB
12 KB 36ms
36ms Script
text/javascript 108.138.128.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-46.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 12:15:10 GMT
content-encoding: gzip
via: 1.1 25c8a58d4773aeef98fa0f0f950689bc.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 20:34:33 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
age: 52503
x-amz-server-side-encryption: AES256
etag: W/"550ead3a95bd6cfcd917d45c5f8f4553"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: d1GsQxM-OBFqTsjniJzSY6PO28JS8Msls7CNwDbramU5TsF4wYrTjw==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 159ms
120ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: ebd010f9f1780cbb5b3eb47228c3e109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 402ms
402ms XHR
text/plain 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=81814686157749&correlator=3540610124310791&eid=31072020%2C31076475%2C31076923%2C31076971%2C31068367&output=ldjh&gdfp_req=1&vrg=202308090102&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=21882844027%2CDesktop-Zone1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&didk=1441973204&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1691808612426&adxs=552&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&frm=20&vis=1&psz=960x1500&msz=728x-1&fws=0&ohw=0&ga_vid=1193569433.1691808612&ga_sid=1691808612&ga_hid=610715742&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYuYCbvZ4xSABSAghkEhkKCnB1YmNpZC5vcmcYtYCbvZ4xSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLiAm72eMUgAUgIIZBIXCghydGJob3VzZRi5gJu9njFIAFICCGQSFAoFb3BlbngYt4CbvZ4xSABSAghkEhkKCnVpZGFwaS5jb20YuICbvZ4xSABSAghkEhsKDGlkNS1zeW5jLmNvbRi2gJu9njFIAFICCGQ.&dlt=1691808611283&idt=936&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled%26hb_format_pubmatic%3Dbanner%26hb_size_pubmatic%3D728x90%26hb_pb_pubmatic%3D1.35%26hb_adid_pubmatic%3D1967000fa1ebd23%26hb_bidder_pubmatic%3Dpubmatic%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D1.35%26hb_adid%3D1967000fa1ebd23%26hb_bidder%3Dpubmatic%26hb_highestbidder%3Dpubmatic%26hb_highestbid%3D1.35&adks=573839204

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

9f2f4d384357ebfaf0542f65566e93b31b3ee4e034d6d489944b844cd8a73342

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12459
x-xss-protection: 0
google-lineitem-id: 5253692611
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138298581687
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D726 6 KB
3 KB 374ms
54ms Document
text/html 142.251.40.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.161 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: Sun, 11 Aug 2024 02:50:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 349ms
348ms XHR
text/plain 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=81814686157749&correlator=1274782049028196&eid=31072020%2C31076475%2C31076923%2C31076971%2C31068367&output=ldjh&gdfp_req=1&vrg=202308090102&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=21882844027%2CDesktop-Zone2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=2&didk=3939601268&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1691808612440&adxs=320&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&frm=20&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=1193569433.1691808612&ga_sid=1691808612&ga_hid=610715742&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYuYCbvZ4xSABSAghkEhkKCnB1YmNpZC5vcmcYtYCbvZ4xSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLiAm72eMUgAUgIIZBIXCghydGJob3VzZRi5gJu9njFIAFICCGQSFAoFb3BlbngYt4CbvZ4xSABSAghkEhkKCnVpZGFwaS5jb20YuICbvZ4xSABSAghkEhsKDGlkNS1zeW5jLmNvbRi2gJu9njFIAFICCGQ.&dlt=1691808611283&idt=936&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled%26hb_format_medianet%3Dbanner%26hb_size_medianet%3D300x250%26hb_pb_medianet%3D0.10%26hb_adid_medianet%3D24941ba0b2a57d2%26hb_bidder_medianet%3Dmedianet%26hb_format_pubmatic%3Dbanner%26hb_size_pubmatic%3D300x250%26hb_pb_pubmatic%3D1.10%26hb_adid_pubmatic%3D20f4e2892f7e372%26hb_bidder_pubmatic%3Dpubmatic%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D1.10%26hb_adid%3D20f4e2892f7e372%26hb_bidder%3Dpubmatic%26hb_highestbidder%3Dpubmatic%26hb_highestbid%3D1.10&adks=1218337638

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

36c705c576acbc4bc932652c40fd363bd6ece856f46aa31754be548a3356d103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12000
x-xss-protection: 0
google-lineitem-id: 5252975466
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138298582680
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
22 KB 434ms
434ms XHR
text/plain 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=81814686157749&correlator=3816042660616944&eid=31072020%2C31076475%2C31076923%2C31076971%2C31068367&output=ldjh&gdfp_req=1&vrg=202308090102&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=21882844027%2CDesktop-Zone3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=3&didk=3463473514&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1691808612447&adxs=320&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&frm=20&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=1193569433.1691808612&ga_sid=1691808612&ga_hid=610715742&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYuYCbvZ4xSABSAghkEhkKCnB1YmNpZC5vcmcYtYCbvZ4xSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLiAm72eMUgAUgIIZBIXCghydGJob3VzZRi5gJu9njFIAFICCGQSFAoFb3BlbngYt4CbvZ4xSABSAghkEhkKCnVpZGFwaS5jb20YuICbvZ4xSABSAghkEhsKDGlkNS1zeW5jLmNvbRi2gJu9njFIAFICCGQ.&dlt=1691808611283&idt=936&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled%26hb_format_medianet%3Dbanner%26hb_size_medianet%3D300x250%26hb_pb_medianet%3D0.05%26hb_adid_medianet%3D2518a2065f5e375%26hb_bidder_medianet%3Dmedianet%26hb_format_pubmatic%3Dbanner%26hb_size_pubmatic%3D300x250%26hb_pb_pubmatic%3D0.03%26hb_adid_pubmatic%3D21bd1e7c5df9663%26hb_bidder_pubmatic%3Dpubmatic%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.05%26hb_adid%3D2518a2065f5e375%26hb_bidder%3Dmedianet%26hb_highestbidder%3Dmedianet%26hb_highestbid%3D0.05&adks=504956327

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

3223b29aca8ce09be87bfa5da70205a57b63a4937976ea43bf5e091190850ba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: 367054
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22700
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 585547
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
614 B 48ms
48ms XHR
application/json 54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: fcdb3e9c537977f28236c7be6ead4b207a20e0629b05e2aaea16a5a8c034def4

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache
x-server: 10.40.42.171
access-control-allow-credentials: true
content-length: 235
expires: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 472ms
472ms XHR
text/plain 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=81814686157749&correlator=3773339629162938&eid=31072020%2C31076475%2C31076923%2C31076971%2C31068367&output=ldjh&gdfp_req=1&vrg=202308090102&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=21882844027%2CDesktop-Zone4&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=4&didk=2616824447&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1691808612472&adxs=430&adys=1095&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&frm=20&vis=1&psz=960x1500&msz=728x90&fws=0&ohw=0&ga_vid=1193569433.1691808612&ga_sid=1691808612&ga_hid=610715742&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQYuYCbvZ4xSABSAghkEhkKCnB1YmNpZC5vcmcYtYCbvZ4xSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLiAm72eMUgAUgIIZBIXCghydGJob3VzZRi5gJu9njFIAFICCGQSFAoFb3BlbngYt4CbvZ4xSABSAghkEhkKCnVpZGFwaS5jb20YuICbvZ4xSABSAghkEhsKDGlkNS1zeW5jLmNvbRi2gJu9njFIAFICCGQ.&dlt=1691808611283&idt=936&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled%26hb_format_pubmatic%3Dbanner%26hb_size_pubmatic%3D728x90%26hb_pb_pubmatic%3D1.30%26hb_adid_pubmatic%3D226e5fde4f461fd%26hb_bidder_pubmatic%3Dpubmatic%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D1.30%26hb_adid%3D226e5fde4f461fd%26hb_bidder%3Dpubmatic%26hb_highestbidder%3Dpubmatic%26hb_highestbid%3D1.30&adks=1742890523

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

dc73a477fbcae789bdc30ad897438fa227873c50941cfbafd8abba1dfbc2b000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12024
x-xss-protection: 0
google-lineitem-id: 5252975442
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138298581687
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp&cc=1

85 B
203 B

42ms
41ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp&cc=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: ef5c05f4b2ffe159d9a038296fc9d02de5d69fd18500028b9b84a524f66a39d9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:12 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-N9E39f+OgEzUZpah7wDITofzi3k"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sat, 12 Aug 2023 02:50:12 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.mediafire.com
location: /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile%23&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 9099 0
176 B 69ms
28ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Sat, 12 Aug 2023 02:50:12 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 container.html Show response
90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2BF7 6 KB
3 KB 31ms
30ms Document
text/html 142.251.40.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.161 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: Sun, 11 Aug 2024 02:50:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 077C 6 KB
3 KB 32ms
31ms Document
text/html 142.251.40.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.161 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: Sun, 11 Aug 2024 02:50:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2BF7 24 KB
7 KB 101ms
30ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129042
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 09 Aug 2024 14:59:30 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 2BF7 26 KB
9 KB 20ms
17ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
content-encoding: br
age: 4264
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4562-YYZ
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2BF7 179 KB
57 KB 156ms
74ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

668c3d4710b07f2327e63f68caefd38b90999af3e3614532b9c0eafc51ac383c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57470
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1691580806885528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H3 200 container.html Show response
90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5D09 6 KB
3 KB 33ms
30ms Document
text/html 142.251.40.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.161 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: Sun, 11 Aug 2024 02:50:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 077C 24 KB
6 KB 49ms
33ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129042
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 09 Aug 2024 14:59:30 GMT

GET
H3 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 077C 26 KB
9 KB 18ms
17ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 12 Aug 2023 02:50:12 GMT
x-content-type-options: nosniff
content-encoding: br
age: 4265
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4528-YYZ
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 077C 179 KB
56 KB 167ms
139ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

668c3d4710b07f2327e63f68caefd38b90999af3e3614532b9c0eafc51ac383c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57470
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1691580806885528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H3 200 container.html Show response
90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8E5F 6 KB
3 KB 30ms
30ms Document
text/html 142.251.40.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.161 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f1.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: Sun, 11 Aug 2024 02:50:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cw.js Show response
hbx.media.net/creativewrapper/0-0-1/js/ Frame 5D09 2 KB
1 KB 134ms
49ms Script
application/javascript 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/creativewrapper/0-0-1/js/cw.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

618324322be1f1efedd5d524cef46c7596c9e1896e03b1abb695e0afeb267ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
content-encoding: gzip
date: Sat, 12 Aug 2023 02:50:13 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=547225
content-length: 1091
expires: Fri, 18 Aug 2023 10:50:38 GMT

GET
H2 200 release-20230329-99-adperformance.js Show response
warp.media.net/rtb/resources/ Frame 5D09 71 KB
25 KB 290ms
39ms Script
application/javascript 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resources/release-20230329-99-adperformance.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-24.deploy.static.akamaitechnologies.com

Software

UploadServer /

Resource Hash

529040ffb31edc3b458168066d513769520e983e2cc9ffb8d6c9ea0d98c57a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Sat, 12 Aug 2023 02:50:13 GMT
x-guploader-uploadid: ADPycdvIA07uolGXKB2ssiwsyDgqMV4zKQeEzrGWzE-0qe0mB_SYBHuFlR0hWZLANlGZBaEyJeskGsWCcGiO_fk5GCOg0Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25080
server: UploadServer
etag: "821663833b8f83b3092ebbca9ed4a6f2"
vary: Accept-Encoding
x-goog-hash: md5=ghZjgzuPg7MJLrvKntSm8g==, crc32c=XNaW9A==
content-type: application/javascript
x-goog-generation: 1680095338448196
cache-control: max-age=3600
x-goog-stored-content-length: 73074
expires: Sat, 12 Aug 2023 03:50:13 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230809/r20110914/client/ Frame 5D09 3 KB
1 KB 35ms
34ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230809/r20110914/client/window_focus_fy2021.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 23:51:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10698
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Aug 2023 23:51:55 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230809/r20110914/client/ Frame 5D09 20 KB
8 KB 31ms
30ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230809/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

cafe /

Resource Hash

40cd1ad9d1bdbded676fc0fc4408ce80371fab72a26fce6c873e50c01e44e1e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 23:51:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10698
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8262
x-xss-protection: 0
server: cafe
etag: 6392178368060142121
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Aug 2023 23:51:55 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 5D09 24 KB
6 KB 35ms
35ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 09 Aug 2024 14:59:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D09 179 KB
56 KB 120ms
120ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

668c3d4710b07f2327e63f68caefd38b90999af3e3614532b9c0eafc51ac383c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57470
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1691580806885528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2BF7 0
0 49ms
49ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvv0XJd5ErvLDqDe55_4rnYxrP2yXTiQUPANqLtsHs37x2gCJgizWvWVSfNThHJQ6O8BThpSc5dJO4pbtAnT1CNMeErHvVoBeEx9kWxqrngNCxXnEPmomB-zV7r3fkCsz05PoJ8kpIyMhBkQeEW-V0HXF6NLczP-EExqLBb6biwc1O99wJtcMkI541VpqqAUZGMdDaUJcKxrRWEma8C4N0eBMBJ60qcMXJQ-lZx8axccAUuncOrPoR7yp_hQXy6vwrGdkdGOtFFsq4j4lU0FU12rZSR1tHT1R1gy9Yy_onlEubAp-YDilBgxIy48snCzD16Iz-nwYIwa3gY&sai=AMfl-YSMppfz8gssquLsND5pBZ5nKZ43vt5HR6mxfry3FOPw8hKp2vpoIgU_Jjah6KkAKWQfvaLfmsZZWhjo7eAZh9jNZ0QXdztX1VM2j2Mrfj4_oGzZaUswKCXKBJmFqnUtG5cWQnxQ1vjqPHqZhiRy&sig=Cg0ArKJSzHthc7vBDhxgEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8E5F 24 KB
6 KB 32ms
31ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:59:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 09 Aug 2024 14:59:30 GMT

GET
H3 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 8E5F 26 KB
9 KB 18ms
17ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 12 Aug 2023 02:50:13 GMT
x-content-type-options: nosniff
content-encoding: br
age: 4265
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4528-YYZ
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8E5F 179 KB
56 KB 77ms
77ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

668c3d4710b07f2327e63f68caefd38b90999af3e3614532b9c0eafc51ac383c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57470
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1691580806885528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 077C 0
0 48ms
48ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssb6CCZeZ1BwlBVKceDeEbZThlairU7Vq8uz4EZbmPHJlzC754qfAReNJcnl0iO6W_ho_7msdug-eFx1DAXwv8lxDcC-Al3s4qgrn-h5WpRENIIZwOs1n0wKgi-ptcaIxg8pxD6hipU5J9QQ0Fk-B0CSr0tthjN_R4zZAgFcXlXjLEJLkdZLG0CPkCpJ6P5GxtVnS6_SRpv5IeCmTb3k52rfgxyFsyQoZXHpSos9CMC6u3jFCBSYccUxWAwHwRYV2X95Ur7zGI8FFa-WKcERv7WXV2EI-AHFRUpl0Z8GPuM2ETYZFVsPmaL9PPJjluh5CBK9e8qAs8kGBo&sai=AMfl-YQ4bOHov1q8T8yMalsRoNvQ2CpzNQ7zyV2epABQK5Bippe09Wh1rI3A_e8gyxY9nygT6GvSytCJvmT8w2Xud0LjtFx_cscGh1h8SZaeCCxD2FNRtPMTZAi861GttHtv5-hFQVHCfVF5hHO44Um0&sig=Cg0ArKJSzKyufnPOa7NgEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 9E34 16 KB
7 KB 48ms
45ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 01:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 12 Aug 2023 02:56:21 GMT

GET
H2 204 Imps
rtb.adentifi.com/ Frame 9E34 0
285 B 1142ms
36ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Imps?impId=1;adId=f5171ff3-38ba-11ee-b046-12dcbb85a80d;lId=66202;sId=572529;cId=12483;crId=334144;adThdId=08cf3de0c6ac4a825de489216705c8d4;adExchange=PubMatic;engineId=i-0069bcf5693b52a6a;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;timestamp=1691808612;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;adThdIdCode=WEB_MD5;thirdPartyIdType=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieSyncPubMatic
rtb.adentifi.com/ Frame 9E34 0
284 B 1152ms
46ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieAdobe
rtb.adentifi.com/ Frame 9E34 0
284 B 1154ms
48ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieAdobe?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieNeustar
rtb.adentifi.com/ Frame 9E34 0
284 B 1154ms
49ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieNeustar?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieLiveRamp
rtb.adentifi.com/ Frame 9E34 0
284 B 1154ms
48ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieLiveRamp?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieBlueKai
rtb.adentifi.com/ Frame 9E34 0
286 B 1150ms
45ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieBlueKai?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2

200

tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
sync.crwdcntrl.net/map/c=13119/tp=ADTN/ Frame 9E34
Redirect Chain

https://rtb.adentifi.com/CookieLotame?gdpr=0
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

49 B
265 B

54ms
40ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.12.140
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 9E34
Redirect Chain

https://rtb.adentifi.com/CookieKrux?gdpr=0
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

0
338 B

358ms
34ms

Image
text/plain

34.196.116.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 34.196.116.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-116-51.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-served-by: beacon-n012-ash-prod.krxd.net
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: private, no-cache, no-store
x-request-time: D=51 t=1691808614
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H/1.1

200
OK

58383
i6.liadm.com/s/ Frame 9E34
Redirect Chain

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=593af67a18f44085aea8fae1206c4dec
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

43 B
274 B

187ms
35ms

Image
image/gif

54.236.93.201

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

54.236.93.201 -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 02:50:21 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Date: Sat, 12 Aug 2023 02:50:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2

200

insync
thrtle.com/ Frame 9E34
Redirect Chain

https://rtb.adentifi.com/CookieThrotle?gdpr=0
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=3bb5b120-63fc-43c1-a977-709af6411a48

43 B
294 B

52ms
51ms

Image
image/gif

18.233.70.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=3bb5b120-63fc-43c1-a977-709af6411a48
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 18.233.70.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-70-253.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Sat, 12 Aug 2023 02:50:17 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=3bb5b120-63fc-43c1-a977-709af6411a48
date: Sat, 12 Aug 2023 02:50:17 GMT
content-type: text/html; charset=utf-8
content-length: 187
p3p: CP="NOI OUR BUS UNI COM NAV"

GET
H2 200 ca Show response
choices.truste.com/ Frame 9E34 27 KB
10 KB 157ms
49ms Script
text/javascript 18.164.116.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334144&w=300&h=250&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.116.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-116-28.jfk50.r.cloudfront.net

Software

nginx /

Resource Hash

8d42bc0130428d3921d07f31016f289b72b137074dd9c4428b03ef3c7a3dfbba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 54a56da0fe0bae919389c7d572d4720e.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P6
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: IRp60goJIamCq7-VtAOPaUCR9bM2MpZcNXiKT9Z0giPM-0ni3mRdFw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Wins
rtb.adentifi.com/ Frame 9E34 1 B
128 B 37ms
35ms Image
text/html 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Wins?price=1.332827;impId=1;lId=66202;sId=572529;cId=12483;crId=334144;adExchange=PubMatic;engineId=i-0069bcf5693b52a6a;adThdId=08cf3de0c6ac4a825de489216705c8d4;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;isDoubleVerify=false;timestamp=1691808612;bidPrice=MS43NDYyNjA1NTYyNTAwMDAy;transactCurr=2;transactConvRate=1.344;agencyCurr=1;agencyConvRate=1.0;billCurr=1;billConvRate=1.0;adId=f5171ff3-38ba-11ee-b046-12dcbb85a80d
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:14 GMT
access-control-allow-methods: GET, POST, DELETE, PUT
content-type: text/html

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 8BB3 16 KB
7 KB 35ms
29ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 01:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 12 Aug 2023 02:56:21 GMT

GET
H2 204 Imps
rtb.adentifi.com/ Frame 8BB3 0
284 B 1142ms
51ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Imps?impId=1;adId=f5183166-38ba-11ee-85c5-126ed29d825d;lId=66202;sId=572529;cId=12483;crId=334143;adThdId=08cf3de0c6ac4a825de489216705c8d4;adExchange=PubMatic;engineId=i-0f07103def907017e;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;timestamp=1691808612;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;adThdIdCode=WEB_MD5;thirdPartyIdType=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieSyncPubMatic
rtb.adentifi.com/ Frame 8BB3 0
284 B 1140ms
49ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieAdobe
rtb.adentifi.com/ Frame 8BB3 0
286 B 1142ms
52ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieAdobe?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieNeustar
rtb.adentifi.com/ Frame 8BB3 0
284 B 1130ms
39ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieNeustar?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieLiveRamp
rtb.adentifi.com/ Frame 8BB3 0
286 B 1130ms
40ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieLiveRamp?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieBlueKai
rtb.adentifi.com/ Frame 8BB3 0
284 B 1127ms
37ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieBlueKai?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2

200

tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
sync.crwdcntrl.net/map/c=13119/tp=ADTN/ Frame 8BB3
Redirect Chain

https://rtb.adentifi.com/CookieLotame?gdpr=0
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

49 B
263 B

52ms
39ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.0.52
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 8BB3
Redirect Chain

https://rtb.adentifi.com/CookieKrux?gdpr=0
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

0
337 B

358ms
35ms

Image
text/plain

34.196.116.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 34.196.116.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-116-51.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-served-by: beacon-n011-ash-prod.krxd.net
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: private, no-cache, no-store
x-request-time: D=38 t=1691808614
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H/1.1

200
OK

58383
i6.liadm.com/s/ Frame 8BB3
Redirect Chain

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=e527ffcb16bb4b7489c0e5bb9408cf52
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

43 B
274 B

216ms
35ms

Image
image/gif

54.236.93.201

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

54.236.93.201 -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 02:50:21 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Date: Sat, 12 Aug 2023 02:50:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2

200

insync
thrtle.com/ Frame 8BB3
Redirect Chain

https://rtb.adentifi.com/CookieThrotle?gdpr=0
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=63945211-b9ad-4f73-b03b-af567813f4f4

43 B
294 B

53ms
53ms

Image
image/gif

18.233.70.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=63945211-b9ad-4f73-b03b-af567813f4f4
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 18.233.70.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-70-253.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Sat, 12 Aug 2023 02:50:17 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=63945211-b9ad-4f73-b03b-af567813f4f4
date: Sat, 12 Aug 2023 02:50:17 GMT
content-type: text/html; charset=utf-8
content-length: 187
p3p: CP="NOI OUR BUS UNI COM NAV"

GET
H2 200 ca Show response
choices.truste.com/ Frame 8BB3 27 KB
10 KB 146ms
53ms Script
text/javascript 18.164.116.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.116.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-116-28.jfk50.r.cloudfront.net

Software

nginx /

Resource Hash

8f0ac09fd1c5264d71eb7d98b593c70601031bf6240774d1c4f216857c77d3c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 54a56da0fe0bae919389c7d572d4720e.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P6
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: Io8ZVswXWXkTyNckTtjvO4h6zs_cWkIDYDV8MWQq68QGtr0bUqn3tw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Wins
rtb.adentifi.com/ Frame 8BB3 1 B
128 B 40ms
38ms Image
text/html 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Wins?price=1.654577;impId=1;lId=66202;sId=572529;cId=12483;crId=334143;adExchange=PubMatic;engineId=i-0f07103def907017e;adThdId=08cf3de0c6ac4a825de489216705c8d4;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;isDoubleVerify=false;timestamp=1691808612;bidPrice=MS43NDYyNjA1NTYyNTAwMDAy;transactCurr=2;transactConvRate=1.344;agencyCurr=1;agencyConvRate=1.0;billCurr=1;billConvRate=1.0;adId=f5183166-38ba-11ee-85c5-126ed29d825d
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:14 GMT
access-control-allow-methods: GET, POST, DELETE, PUT
content-type: text/html

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8E5F 0
0 49ms
49ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkDA4wYFWx63x3BvSymt_yYG9xsuWnslESNkYHw3lfqDVdl_QBBN1waerbWF_cvnXj-cDx0lBho_XL4N_AIF9p2WTBZpY90GA8kQxHcONBqG5QLfjwwrSbojMJ6myAeyZoDhFD0FvatCIFJM1lyZXPKTsivPquVrBJV4LYmoBwc8LxpWreKrV-MbM1v1wH6Am4xSWUNSPbbxUY2lsmTCBl7U2ff06HAa3VYsgaGHp-3xXIgtA5QhrxWdUoHFG-KlrHHR3UWgS1M1VhMtgBb6ZkbaXVQN-ZXBQq7Da90NgpDl_5zCglnv_tPUOjSR2jijMLLf6gyojltgE&sai=AMfl-YRUzFp6v3-HbsNi0FqozHAEOcNrUM0iUjUfu6SqwgTjyTU_bPMMGCMI2K5ZZ41slyX0hJOH1f34NtZ6ek2se4mkTxksIrxrXztM8tFju-hahqFPY8UOittjQY4q_p5y54AakRPtjPRGQLSYcRiI&sig=Cg0ArKJSzMsfWLpOCtRuEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame C9FD 16 KB
7 KB 51ms
48ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 01:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 12 Aug 2023 02:56:21 GMT

GET
H2 204 Imps
rtb.adentifi.com/ Frame C9FD 0
284 B 1114ms
47ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Imps?impId=1;adId=f5174700-38ba-11ee-922e-12ca368ed669;lId=66202;sId=572529;cId=12483;crId=334143;adThdId=08cf3de0c6ac4a825de489216705c8d4;adExchange=PubMatic;engineId=i-090c59ec835b18a8a;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;timestamp=1691808612;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;adThdIdCode=WEB_MD5;thirdPartyIdType=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieSyncPubMatic
rtb.adentifi.com/ Frame C9FD 0
284 B 1106ms
40ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieAdobe
rtb.adentifi.com/ Frame C9FD 0
284 B 1116ms
50ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieAdobe?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieNeustar
rtb.adentifi.com/ Frame C9FD 0
284 B 1105ms
39ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieNeustar?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieLiveRamp
rtb.adentifi.com/ Frame C9FD 0
284 B 1104ms
38ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieLiveRamp?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 204 CookieBlueKai
rtb.adentifi.com/ Frame C9FD 0
284 B 1102ms
37ms Image
text/plain 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieBlueKai?gdpr=0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2

200

tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
sync.crwdcntrl.net/map/c=13119/tp=ADTN/ Frame C9FD
Redirect Chain

https://rtb.adentifi.com/CookieLotame?gdpr=0
https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

49 B
265 B

58ms
44ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.46.133
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=13119/tp=ADTN/tpid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame C9FD
Redirect Chain

https://rtb.adentifi.com/CookieKrux?gdpr=0
https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

0
337 B

358ms
35ms

Image
text/plain

34.196.116.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 34.196.116.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-116-51.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-served-by: beacon-n039-ash-prod.krxd.net
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: private, no-cache, no-store
x-request-time: D=45 t=1691808614
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=adtheorent&partner_uid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/plain

GET
H/1.1

200
OK

58383
i6.liadm.com/s/ Frame C9FD
Redirect Chain

https://rtb.adentifi.com/CookieLiveIntent?gdpr=0
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://i.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&_li_chk=true&previous_uuid=0e7b45fe85814d68a1d8e068e82a87eb
https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

43 B
274 B

221ms
35ms

Image
image/gif

54.236.93.201

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

54.236.93.201 -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 02:50:21 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/58383?bidder_id=212430&bidder_uuid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
Date: Sat, 12 Aug 2023 02:50:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2

200

insync
thrtle.com/ Frame C9FD
Redirect Chain

https://rtb.adentifi.com/CookieThrotle?gdpr=0
https://thrtle.com/insync?vxii_pid=10077&vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd
https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=d9840368-9420-4ba8-8f4e-7f8b0eb9cd94

43 B
294 B

37ms
37ms

Image
image/gif

18.233.70.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=d9840368-9420-4ba8-8f4e-7f8b0eb9cd94
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 18.233.70.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-70-253.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Sat, 12 Aug 2023 02:50:17 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://thrtle.com/insync?vxii_pdid=cuid_f6414811-38ba-11ee-94b7-1297b61989fd&vxii_pid=12&vxii_pid1=10077&vxii_rcid=d9840368-9420-4ba8-8f4e-7f8b0eb9cd94
date: Sat, 12 Aug 2023 02:50:17 GMT
content-type: text/html; charset=utf-8
content-length: 187
p3p: CP="NOI OUR BUS UNI COM NAV"

GET
H2 200 ca Show response
choices.truste.com/ Frame C9FD 27 KB
10 KB 123ms
54ms Script
text/javascript 18.164.116.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.116.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-116-28.jfk50.r.cloudfront.net

Software

nginx /

Resource Hash

8f0ac09fd1c5264d71eb7d98b593c70601031bf6240774d1c4f216857c77d3c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 54a56da0fe0bae919389c7d572d4720e.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P6
cross-origin-embedder-policy: unsafe-none
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 3X8DWJO32KPeb4RFPsdicwaB4G413t5pBoe-A5VSsy8IRD5VoV97Fw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Wins
rtb.adentifi.com/ Frame C9FD 1 B
128 B 38ms
36ms Image
text/html 34.230.170.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/Wins?price=1.555821;impId=1;lId=66202;sId=572529;cId=12483;crId=334143;adExchange=PubMatic;engineId=i-090c59ec835b18a8a;adThdId=08cf3de0c6ac4a825de489216705c8d4;property=mediafire.com;dIp=ODYuNDguMTQuMzQ;dealId=0;geoId=38450;inventoryId=251148;rtdmIndicator=1;isDoubleVerify=false;timestamp=1691808612;bidPrice=MS43NDYyNjA1NTYyNTAwMDAy;transactCurr=2;transactConvRate=1.344;agencyCurr=1;agencyConvRate=1.0;billCurr=1;billConvRate=1.0;adId=f5174700-38ba-11ee-922e-12ca368ed669
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.230.170.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-230-170-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 02:50:14 GMT
access-control-allow-methods: GET, POST, DELETE, PUT
content-type: text/html

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 9E34 49 KB
20 KB 38ms
38ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 05:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Aug 2024 05:56:21 GMT

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 8BB3 49 KB
20 KB 31ms
31ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 05:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Aug 2024 05:56:21 GMT

GET
DATA 200
OK truncated
/ Frame 2BF7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9058feb51314767584403e9a88d3f8db21f883e95199a0c7a448b7d3361d447e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame C9FD 49 KB
20 KB 31ms
30ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 05:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Aug 2024 05:56:21 GMT

GET
H2 200 log
hblg.media.net/ Frame 5D09 35 B
191 B 50ms
32ms Image
image/gif 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?logid=kfke&evtid=plutol1&pixel_len_bucket=538&__q=AYYEIwKELAQCAAABAAAAAgAAAABAAAEABgAAQIABAAgAMNAATjQ3ODcwMTA0MzcwNjc2XzIxMDQ0NjUxMzlfMjIxMzM3NDc4NDU5MUAyMGJmNzc4MmVlMDc0MDBhYWNjMGFiMmY2MTNjMTM0ZZYHMzMzMzMzwz-2AWh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS8ydng2Njc1YzV3a2Y5NXMvT21lZ2xlX2xvYWRpbmdfdmlkZW8tX0ZyZWVfRG93bmxvYWQubXA0L2ZpbGUEQ0EabWVkaWFmaXJlLmNvbRI4Q1VCTU5WNzQIDjMwMHgyNTAKMC4xMzIOZWFzdF9zYwhFQkRBCAZhZG0AAAAAAADAVkDkhLb6vGICMQAAAECOK0A_NnJ0Yi1lYmRhLTc0YjU2OGI3OS10ZGRwNy5TQz4wMjAwMDgwODA3NjI4MzAwMzAwMDI1MDAwMDQyOTAwAhAzMDY5MWIyMwJkAg&utime=554&sf=0&cpr=0.04447059733846537

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:13 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 12 Aug 2023 02:50:13 GMT

GET
DATA 200
OK truncated
/ Frame 077C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae1f94c6382a14b97db5dc6f255bf07c0ee75ae3fdf96a1e959a9cba3c1abd8b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8E5F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5625762bcbaa3bd50fc1a88f5d31e8fae33b81c9b8f01930ed7264452af7cb01

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame DC23 39 KB
14 KB 186ms
106ms Document
text/html 23.77.173.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.173.8 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-173-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=54902
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 12 Aug 2023 02:50:13 GMT
expires: Sat, 12 Aug 2023 18:05:15 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 AdDisplayTrackerServlet Show response
st.pubmatic.com/AdServer/ Frame E66B 0
91 B 344ms
27ms Document
text/plain 162.248.18.36
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570253&imprId=E8BD10C3-FFE2-40FC-97AA-0C1D187CBCA8&cksum=935D0A76082AA911&adType=10&adServerId=243&kefact=1.399469&kaxefact=1.399469&kadNetFrequecy=0&kadwidth=300&kadheight=250&kadsizeid=9&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.332827&dcId=2&tldId=0&passback=0&svr=BIDNYC30118&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZMBEAwAcKO-SUG5QkLRTNLEcp7Owy7s57MCjyRpD0GNw&ekaxefact=ZPPWZM5EAwCdhgS4JeEebQ2TPJ_l1DjYDUPvfor0iv9w3vKh&ekpbmtpfact=ZPPWZNtEAwBLvhS-P9NDP0oL_xHzpSkMA_Imcehi47yTjsqy&enpp=ZPPWZOlEAwDbdBm6xgqwDryaOSkiHFRzlWraSDJ4YACbV0Yq&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334144&lpu=aircanada.com&ucrid=9866637068300546854&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=CE06B20E-92DC-4961-A73E-13D7C520DDDF&ver=11&dateHr=2023081202&oid=E8BD10C3-FFE2-40FC-97AA-0C1D187CBCA8&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.36 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Sat, 12 Aug 2023 02:50:12 GMT
expires: 0
pragma: no-cache

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 6406 39 KB
14 KB 168ms
105ms Document
text/html 23.77.173.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.173.8 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-173-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=54902
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 12 Aug 2023 02:50:13 GMT
expires: Sat, 12 Aug 2023 18:05:15 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 AdDisplayTrackerServlet Show response
st.pubmatic.com/AdServer/ Frame 962D 0
49 B 328ms
29ms Document
text/plain 162.248.18.36
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570256&imprId=263CA70E-B675-497A-9676-A199C1ED48C0&cksum=1551A2F381F3F870&adType=10&adServerId=243&kefact=1.633612&kaxefact=1.633612&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.555821&dcId=2&tldId=0&passback=0&svr=BIDNYC30434&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZD9GAwBNDEiFlJp6Rv4c3ZwuazVkDOblB3t3bR-oDTjW&ekaxefact=ZPPWZFRGAwA1vZ6nhf3AE5Cu564WAeCHjMIYucyoymw3DNKI&ekpbmtpfact=ZPPWZGJGAwD1AUrjZBTW2QCqe5Z9gFQLBXE_rJgBdg4EZ_kv&enpp=ZPPWZG5GAwAcfJeq5NylYswua7LBdceJ7WS12C6wDqmI7mef&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334143&lpu=aircanada.com&ucrid=10124167893140677826&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=F8F1269C-B029-44BD-A08B-C2A771D44469&ver=10&dateHr=2023081202&oid=263CA70E-B675-497A-9676-A199C1ED48C0&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.36 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Sat, 12 Aug 2023 02:50:13 GMT
expires: 0
pragma: no-cache

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A80F 39 KB
14 KB 164ms
105ms Document
text/html 23.77.173.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.173.8 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-173-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=54902
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 12 Aug 2023 02:50:13 GMT
expires: Sat, 12 Aug 2023 18:05:15 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 AdDisplayTrackerServlet Show response
st.pubmatic.com/AdServer/ Frame 0664 0
49 B 324ms
28ms Document
text/plain 162.248.18.36
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://st.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=158936&siteId=647353&adId=2570251&imprId=0381211E-2317-4AA6-B3C0-74D8F3ECEF54&cksum=5A68120062F8DC7&adType=10&adServerId=243&kefact=1.737306&kaxefact=1.737306&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=7&kltstamp=1691808612&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=1.654577&dcId=2&tldId=0&passback=0&svr=BIDNYC30112&adsver=_115843193&adsabzcid=0&cls=BID&i0=0x3100000000000000&ekefact=ZPPWZMtdAwBqNF4JUpdawJo7w-TaN5WGDaDCTSyzaW41S_PZ&ekaxefact=ZPPWZOBdAwCx2_j0IepiPZba4GmvDOaFPzJu-T1Uc2q95pge&ekpbmtpfact=ZPPWZP1dAwAX6D5ydXeOjhYSZ23RQHQRSI-ZjzAhBQFC0J1L&enpp=ZPPWZA9eAwA7l5P17SHWQ8qrKOQtWEqLAh_lFq345V3mGV9Z&pfi=1&domId=16666437334433960935&dc=NYC3&pubBuyId=9044&crID=334143&lpu=aircanada.com&ucrid=10124167893140677826&campaignId=23354&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=964&wbId=0&wrId=3379092&wAdvID=556&wDspCampId=66202&isRTB=1&rtbId=BA0E51CE-1012-49D7-8BD2-8E51931BC0C9&ver=13&dateHr=2023081202&oid=0381211E-2317-4AA6-B3C0-74D8F3ECEF54&cntryId=40&sec=1&pAuSt=3&wops=0&sURL=mediafire.com&BrID=5
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.36 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Sat, 12 Aug 2023 02:50:13 GMT
expires: 0
pragma: no-cache

GET
DATA 200
OK truncated
/ Frame 5D09 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccecef0b593af5846a0532ba35516e2334f02179a60af2d50b1f2c1d1c6c402c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/ Frame B838 667 B
789 B 340ms
29ms Document
text/html 104.126.116.169
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/creativewrapper/0-0-1/js/cw.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.116.169 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-126-116-169.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f00340624ead5370c90c6c143feaeee7120ce637921e26df9ed73e4c06b3e497

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=424012
content-length: 667
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:13 GMT
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A80F 2 KB
2 KB 336ms
28ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=92982941&p=158936&s=647353&a=0&ptask=DSP&np=0&fp=1&rp=0&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9c35a9840aeda15526e4c112f744475c9c95a80fd73a952a2a45732fc700ec08

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 12 Aug 2023 02:50:12 GMT
content-length: 1690
content-type: text/html; charset=UTF-8

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 57ms
56ms Image
image/gif 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=7.661301506097741

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Rg41fiKC9kHhP8VdPSK49w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-security-policy: script-src 'report-sample' 'nonce-Rg41fiKC9kHhP8VdPSK49w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 56ms
55ms Image
image/gif 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=7.191069734421745

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vtlBg79Kv1hayN3R7L18vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-security-policy: script-src 'report-sample' 'nonce-vtlBg79Kv1hayN3R7L18vQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET increment
id5-sync.com/api/esp/ 0
0

POST
H3 204 AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 117ms
53ms XHR
text/html 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EvUuH_P1Ba9XzDb_8rq0xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EvUuH_P1Ba9XzDb_8rq0xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EEE7 15 KB
6 KB 115ms
34ms Document
text/html 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

c5f572ed80485a43331f587039ef455ab7400d278434cdee0965a0fea35befcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:12 GMT
server: Kestrel
server-processing-duration-in-ticks: 744023
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame EEE7 427 B
554 B 35ms
35ms Fetch
application/json 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=ChromeSyncframe&so=0&topUrl=www.mediafire.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

10a0cfddf4f2bc4d4e9c8f38d9bbddc16d88d0847f10cf03805b6723c9ea68c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:12 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2505134
expires: 0

GET
H2 200 npfm.js Show response
c.pm-serv.co/ Frame B838 107 KB
37 KB 158ms
56ms Script
text/javascript 23.47.144.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pm-serv.co/npfm.js?cid=8CUK73G0A&ydspr=1
Requested by: Host: mnadshield-a.akamaihd.net
URL: https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.144.150 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-144-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f6b8016adbaa736caeb1372ed11deb3247b753b90ac6bc340856d5be8d579bca

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mnadshield-a.akamaihd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-mnt-h: 22-pr8r
content-encoding: gzip
date: Sat, 12 Aug 2023 02:50:13 GMT
server: Apache
etag: "409f5a58ac04461fdd3bee9e48fd3fb8"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
x-mnt-w: 22-pr8r
timing-allow-origin: *
content-length: 37598
expires: Sat, 12 Aug 2023 02:55:13 GMT

GET
H2

200

b9pj45k4 Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame 2C3B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...

85 B
259 B

39ms
38ms

Document
image/png

151.101.66.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZNbzaAAErzcYwQA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 85
content-type: image/png
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4532-YYZ
x-timer: S1691808617.998672,VS0,VE21

Redirect headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
date: Sat, 12 Aug 2023 02:50:16 GMT
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZNbzaAAErzcYwQA4
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-yyz4532-YYZ
x-timer: S1691808617.941730,VS0,VE21

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1D26
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=968625789851924408

42 B
273 B

33ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=968625789851924408
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:17 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=968625789851924408
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H/1.1

200
OK

dcm Show response
s.amazon-adsystem.com/ Frame DF81
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

67ms
67ms

Document
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Sat, 12 Aug 2023 02:50:15 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: TFX16EQP2AN9VAEV26DN

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:14 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: ACBEYFMY40W5F622BS8Q

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDRFNjA1MDctM0Q2RS00Qjg2LUJDNjUtMDc0QTAzQTBBOEJD&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

119ms
33ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFBXn7OfJmrSDd4kLz0XOTI&google_cver=1

42 B
348 B

120ms
34ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFBXn7OfJmrSDd4kLz0XOTI&google_cver=1
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 11 Aug 2023 22:41:02 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFBXn7OfJmrSDd4kLz0XOTI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:497B82719425476FA94697E20A366A4D

42 B
325 B

34ms
34ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:497B82719425476FA94697E20A366A4D
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:20 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Sat, 12 Aug 2023 02:50:21 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:497B82719425476FA94697E20A366A4D
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 11 Aug 2023 02:50:21 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f47a966-b427-4320-bc28-81b881249716&gdpr=0&gdpr_consent=

42 B
507 B

337ms
28ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f47a966-b427-4320-bc28-81b881249716&gdpr=0&gdpr_consent=
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0f47a966-b427-4320-bc28-81b881249716&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2778506454670933063&gdpr=0&gdpr_consent=&us_privacy=

1 B
256 B

28ms
28ms

Image
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2778506454670933063&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:20 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2778506454670933063&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:20 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 D4E60507-3D6E-4B86-BC65-074A03A0A8BC
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame A80F 43 B
602 B 123ms
40ms Image
image/gif 44.210.181.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/D4E60507-3D6E-4B86-BC65-074A03A0A8BC?gdpr=0&gdpr_consent=

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.210.181.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-210-181-70.compute-1.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame A80F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sWpjIptE2uVHcR.DWHs_gSwyRafDAz4-~A&gdpr=0

0
128 B

38ms
28ms

Image
text/plain

162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sWpjIptE2uVHcR.DWHs_gSwyRafDAz4-~A&gdpr=0
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:21 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-sWpjIptE2uVHcR.DWHs_gSwyRafDAz4-~A&gdpr=0
date: Sat, 12 Aug 2023 02:50:21 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 SAFEFRAME.html Show response
c.pm-serv.co/sr/2722522032/ Frame F57E 76 KB
26 KB 367ms
367ms Document
text/html 23.47.144.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pm-serv.co/sr/2722522032/SAFEFRAME.html?ule=2384&&kkdd=A3%7CW%7C9uh3*AnH&Rw=hSMhCOCShUMVT_JTSUT&DeWE=O&YuWb=O&(u-d=yTTU&-we=C83AVUZOK&-W-e=DLami3hSYvQG!HzRL8crai%3D%3D&-Ewe=MhShU_UCS&uwnd=UOO*T_O&--=8K&u-=0j&-1zY=r8!&Wwe=C!04_rCgS&(Wwe=26glpTC&1((Wu=h&EEE=4SadqsXYjVU37_kZWgXW*7Z(CvlpCL()bhfczNrnwm9C!uSJbZMhn9yawvmhuACD40b300pO5T*2XGge6Qs0k!()0NHVSU4AOKa!VfjUUlm26Kq8kn)pLK%3D%3D&zud=_&Xi=h&sDe=J&be(h=C83.9j7VJ&be(T=TThUUVJVC&aeb(b=ueT%3DzsXXo((%3DCT_OowsEX5X%3DOo~DdEWY%3DOBh_oRi5d*-%3DOBMhoRwu5ue%3DTCOoe-T%3Dhou-e%3D~zoR5buz%3DhUSVCVoRXTE5ue%3DTOTUOChhTOowsEX5a%3DUhOhBOSosEX5(f-%3DOou(e%3D_OJM_SUTVo9!%3DBxRwed~BxoRwu5sEX5a%3DOBCCowW%3DhnvdhLokaa%3DOoRwu5sEX5X%3DUOoEwwWsb%3DO%2COod(%3DhSoE-%3DT%2CJMoEWu5ue%3DTOTUOChhTOoRwu5a%3DCCTBMJosEX5a%3DOBUToRXTE5sEX5a%3DOoRXTE5sEX5Rw%3DhrchSosEX5(Rw%3DOosEX5X%3DOoD-b(%3D_OhJOOoaa%3DhTCoRR%3DOoXTE5a%3DhOOOodEWY%3DOBh_oRXTE5sEX5f-%3DOrOoRXTE5sW5X%3DTOoaY%3DhobUW5a%3DSBTT%2CTSB__ouwe%3DC-adVMbTJJMeVeV-aCCVkaSC_SddhUaboue%3DOoswe%3DT)bZYumYGwhjJA*)_7oa(e%3DTTUMChUUSOVSM_VVOJCSS_OUJ_OMTOTOChTUOJOSJCS_JhT_UOChSTUhOMhJVJUCVhJJCMhTCCJVMUSMV_SJCMTVJTTOVVh_VVVUUhTofa5uE-%3DfaaoRis%3DOBMhoeTW5X%3DhOoUW-k%3DhOhOoswY%3DOoeYY5u(ED%3Dd-WoRXTE5sW5a%3DOoeTW5a%3DOBMCo~DeTW5a%3DOBMSoRsEX5a%3DOBMUouu%3DjKo--%3D8Kofa5eX%3Dz%2Fboswi%3Dcho-d%3DOoEWu5a%3DTSB__oRsEX5X%3DOo8)%3DTMCJofa5s-%3Dhoz(u%3Dhofa5sX%3Dz%2Fbofa5--fu%3Dho9!T%3DBxe~izX~beBxo-(%3D(~E~z(~oauu5A2p%3DjK%2CjKowRsEX5a%3DhBOCo!Q%3DOowuwk%3DOofa5((%3DOoawe%3DOBh_ofa5W(%3Dj~(%20!E~-duudeoe-%3DCoRXTE5a%3DSBTTowRsEX5X%3DOo-aeW%3DOBhUToaua%3DOo(Du%3DUOO*T_Oozun%3DhoauW%3DOo(Y*%3DTJUow(LWd5we%3DToudXXdE5(bD5we%3D_OJM_SUTVousWWXL5(bD5we%3D%2FThCCTCJJOTV%2Fgduf(~WcG~zdUoed(d-(de5(bD5we%3DoRwdibawXw(L%3DOBMhoW~u%3Dho-(E%3DJBMUJVUJCMVSCCOUhrcJobeaXf%3D_OJM_SUTVobYW%3Dho-bEEwdE)e%3DOo~Dawe%3DOBh_OoakXE%3DOBOhOouswe%3Doe(-%3Ddbu(5u-owu5~E(a%3DhoeYY5dEWY%3DkbXudoeYY%3Dd-WoaeW-bWe%3DOoebXD%3Dd-W5bs(~ou~aW%3Do1(YX%3Dhoe-s(%3DhOoe~Da%3DOchod-W5sude%3DadX~i5H_Ood-W5W_O%3DOBhVVTTod-W5WV_%3DOB_COJ_owa-%3Dh&z(R=O&YYY=sl~ujk)gHrf%3D&wi=UOO&wz)kE=h&aeE)e=J_M&iXu(W=h&Y-k=CJUST&LeuWE=h&abd=.Jb.HdHJ.Do.Jb.HdbD.DoJdd&fb(WEd=h&fb(awe=chOT&-be~Ybwz=(nvc1y-Xcy5Yh)rja~l1p2hhOVC_qfuuH-gKqu)u_qF%3D&wuwe=_&beR=!EdYwsY%206dbE-1du&WDwe=WOhJ_JJJM_OM(TOTUOChTOT_O&uuXe=%7B%22uuwW%22%3A%22CSBJCBhJBO%22%2C%22uu--%22%3A%228K%22%2C%22uuu-%22%3A%228Kc0j%22%2C%22uu-(L%22%3A%222~E~z(~%22%7D&1(YXuE-=h&(-k5-YW=h&ure=1
Requested by: Host: c.pm-serv.co
URL: https://c.pm-serv.co/npfm.js?cid=8CUK73G0A&ydspr=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.144.150 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-144-150.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e6ee39f6114bbeeb00f831c04892edaecb6cad0ee618b30e43a16d038e3e4898

Request headers

Referer: https://mnadshield-a.akamaihd.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 26575
content-type: text/html
date: Sat, 12 Aug 2023 02:50:14 GMT
expires: Sat, 12 Aug 2023 02:50:14 GMT
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding
x-sc-h: 22-dsya

GET
H2 200 bping.php
l.pm-serv.co/ Frame B838 35 B
164 B 45ms
32ms Image
image/gif 23.47.144.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.pm-serv.co/bping.php?vgd_len=2220&&vgd_cdv=1047&vgd_cage=1&vgd_tsce=L223&vgd_wlstp=1&vgd_mcf=84362&gdpr=0&mspa=0&prid=8PRVCXX19&cid=8CUK73G0A&crid=916135386&vi=1691808613972542632&ugd=4&lf=6&cc=CA&sc=ON&lper=100&wsip=170785058&r=1691808613969&rrr=J6beHulmN73UV5fGpDlpxVGt8RXW8ytIa1k-njEziYM8Ps64aG91zMLbiRY1sK8gJOaUOOW0_2xTlZDdSFuOfPtIOjq763JK0AbP7kN33XYTSAHCfzIWyA%3D%3D&requrl=https%3A%2F%2Fwww.mediafire.com&vgde_bdata=QOfvzxjj~77vWfX9~8xLjMjv9~myJLEYv9.uX~eBMJ-Nv9.iu~e8QMQOvfW9~ONfvu~QNOvmz~eM1QzvuAFhWh~ejfLMQOvf9fA9Wuuf9~8xLjMGvAu9u.9F~xLjM7UNv9~Q7OvX9HiXFAfh~c0v.*e8OJm.*~e8QMxLjMGv9.WW~8EvulDJu5~kGGv9~e8QMxLjMjvA9~L88Ex1v9%2C9~J7vuF~LNvf%2CHi~LEQMQOvf9fA9Wuuf9~e8QMGvWWf.iH~xLjMGv9.Af~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjv9~yN17vX9uH99~GGvufW~eev9~jfLMGvu999~JLEYv9.uX~ejfLMxLjMUNv949~ejfLMxEMjvf9~GYvu~1AEMGvF.ff%2CfF.XX~Q8OvWNGJhi1fHHiOhOhNGWWhkGFWXFJJuAG1~QOv9~x8OvfV1ZYQ3Y28uIHC-VX%2F~G7OvffAiWuAAF9hFiXhh9HWFFX9AHX9if9f9WufA9H9FHWFXHufXA9WuFfAu9iuHhHAWhuHHWiufWWHhiAFihXFHWifhHff9hhuXhhhAAuf~UGMQLNvUGG~eBxv9.iu~OfEMjvu9~AENkvu9u9~x8Yv9~OYYMQ7LyvJNE~ejfLMxEMGv9~OfEMGv9.iW~myOfEMGv9.iF~exLjMGv9.iA~QQvIK~NNv%3DK~UGMOjvzS1~x8Bvou~NJv9~LEQMGvfF.XX~exLjMjv9~%3DVvfiWH~UGMxNvu~z7Qvu~UGMxjvzS1~UGMNNUQvu~c0fv.*OmBzjm1O.*~N7v7mLmz7m~GQQMC_pvIK%2CIK~8exLjMGvu.9W~0sv9~8Q8kv9~UGM77v9~G8Ov9.uX~UGME7vIm7n0LmNJQQJO~ONvW~ejfLMGvF.ff~8exLjMjv9~NGOEv9.uAf~GQGv9~7yQvA99-fX9~zQlvu~GQEv9~7Y-vfHA~875EJM8Ovf~QJjjJLM71yM8OvX9HiXFAfh~QxEEj5M71yM8OvSfuWWfWHH9fhSrJQU7mEo2mzJA~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.iu~EmQvu~N7LvH.iAHhAHWihFWW9Au4oH~1OGjUvX9HiXFAfh~1YEvu~N1LL8JLVOv9~myG8Ov9.uX9~GkjLv9.9u9~Qx8Ov~O7NvJ1Q7MQN~8QMmL7Gvu~OYYMJLEYvk1jQJ~OYYvJNE~GOEN1EOv9~O1jyvJNEM1x7m~QmGEv~w7Yjvu~ONx7vu9~OmyGv9ou~JNEMxQJOvGJjmBM%20X9~JNEMEX9v9.uhhff~JNEMEhXv9.XW9HX~8GNvu&ssld=%7B%22QQ8E%22%3A%22WF.HW.uH.9%22%2C%22QQNN%22%3A%22%3DK%22%2C%22QQQN%22%3A%22%3DKoaI%22%2C%22QQN75%22%3A%22_mLmz7m%22%7D&vgd_ydspr=1&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=136787&vgd_rakh=1691808613196297299&vgd_l1rhst=c.pm-serv.co&vgd_rpth=%2Fnpfm.js&vgd_hb_audit_1=8CUBMNV74&vgd_hb_audit_2=221337478&vgd_pgid=p01454449509t202308120250&vgd_pgids=1&vgd_uspa=0&vgd_mspa=0&vgd_mspad=a&hvsid=00001691808613965014459899224218&gdpr=0&mspa=0&vgd_l2type=scs_newfl&vgd_end=1
Requested by: Host: mnadshield-a.akamaihd.net
URL: https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.144.150 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-144-150.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mnadshield-a.akamaihd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 12 Aug 2023 02:50:14 GMT
content-length: 35
content-type: image/gif

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame B683 31 KB
11 KB 154ms
73ms Document
text/html 23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUBMNV74&prvid=2034%2C2033%2C3022%2C2031%2C2030%2C3020%2C251%2C273%2C175%2C2009%2C178%2C255%2C2028%2C3018%2C2027%2C3017%2C214%2C2025%2C336%2C117%2C3014%2C359%2C459%2C99%2C77%2C38%2C3011%2C182%2C3010%2C261%2C141%2C262%2C461%2C222%2C201%2C3007%2C246%2C301%2C4%2C203%2C225%2C10000%2C80%2C9&itype=EBDA&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Requested by

Host: mnadshield-a.akamaihd.net
URL: https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

557cbfb9fd31820240adbd25267f36c45948ab89f9feb8b1cea4bb9e4d6e63b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://mnadshield-a.akamaihd.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 10581
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:14 GMT
expires: Mon, 14 Aug 2023 02:50:14 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame 9C0F
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Drkt%26refUrl%3D%26vid%3D180861416733481021489922560...
https://contextual.media.net/cksync.html?cs=6&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086141673348102148992256000V10&ovsid=969751690948724780

235 B
658 B

83ms
82ms

Document
text/html

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=6&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086141673348102148992256000V10&ovsid=969751690948724780

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUBMNV74&prvid=2034%2C2033%2C3022%2C2031%2C2030%2C3020%2C251%2C273%2C175%2C2009%2C178%2C255%2C2028%2C3018%2C2027%2C3017%2C214%2C2025%2C336%2C117%2C3014%2C359%2C459%2C99%2C77%2C38%2C3011%2C182%2C3010%2C261%2C141%2C262%2C461%2C222%2C201%2C3007%2C246%2C301%2C4%2C203%2C225%2C10000%2C80%2C9&itype=EBDA&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 235
content-type: text/html;charset=UTF-8
date: Sat, 12 Aug 2023 02:50:17 GMT
expires: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:17 GMT
Location: https://contextual.media.net/cksync.html?cs=6&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086141673348102148992256000V10&ovsid=969751690948724780
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=[UID]
https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=c05c2308-1beb-44b3-94bf-f9ad2dcc55ea

61 B
471 B

88ms
88ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=c05c2308-1beb-44b3-94bf-f9ad2dcc55ea

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:14 GMT

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-167
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=son&refUrl=&vid=18086141673348102148992256000V10&ovsid=c05c2308-1beb-44b3-94bf-f9ad2dcc55ea
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cksync
cs.media.net/ Frame B683
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzM0ODEwMjE0ODk5MjI1NjAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHcx54AMW0a8aFTSajpM7eQ&google_cver=1

61 B
452 B

128ms
113ms

Image
image/gif

23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHcx54AMW0a8aFTSajpM7eQ&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUBMNV74&prvid=2034%2C2033%2C3022%2C2031%2C2030%2C3020%2C251%2C273%2C175%2C2009%2C178%2C255%2C2028%2C3018%2C2027%2C3017%2C214%2C2025%2C336%2C117%2C3014%2C359%2C459%2C99%2C77%2C38%2C3011%2C182%2C3010%2C261%2C141%2C262%2C461%2C222%2C201%2C3007%2C246%2C301%2C4%2C203%2C225%2C10000%2C80%2C9&itype=EBDA&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-198-216-24.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEHcx54AMW0a8aFTSajpM7eQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086141673348102148992...
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086141673348102...
https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086141673348102148992256000V10&ovsid=ZWGwQDBy1QuEHJ5

61 B
459 B

89ms
89ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086141673348102148992256000V10&ovsid=ZWGwQDBy1QuEHJ5

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-785-gcf3d607#rel-ec2-master i-057648efc910a16d8@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=6&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086141673348102148992256000V10&ovsid=ZWGwQDBy1QuEHJ5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&us_privacy=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=ae35350f-54ef-4faa-aa35-923f5bed90ca&ssp=medianet&gdpr=0
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=

61 B
472 B

79ms
79ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:14 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?cs=1&type=bs&ovsid=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=
Date: Sat, 12 Aug 2023 02:50:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=l5cgCCrvH8Bt2IR0Zk6g&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTM...
https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=180861416733481021489922...

60 B
298 B

65ms
65ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086141673348102148992256000V10&vsid=3348102148992256000V10

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 60
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Content-Type: text/html; charset=utf-8
Location: https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D6&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086141673348102148992256000V10&vsid=3348102148992256000V10
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 284
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3348102148992256000V10
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3348102148992256000V10
https://contextual.media.net/cksync.php?type=mf&ovsid=ae35350f-54ef-4faa-aa35-923f5bed90ca&cs=1

61 B
472 B

79ms
78ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?type=mf&ovsid=ae35350f-54ef-4faa-aa35-923f5bed90ca&cs=1

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:14 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:14 GMT

Redirect headers

location: //contextual.media.net/cksync.php?type=mf&ovsid=ae35350f-54ef-4faa-aa35-923f5bed90ca&cs=1
date: Sat, 12 Aug 2023 02:50:14 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

cksync
cs.media.net/ Frame B683
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=0f47a966-b427-4320-bc28-81b881249716

61 B
457 B

105ms
105ms

Image
image/gif

23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=0f47a966-b427-4320-bc28-81b881249716
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CUBMNV74&prvid=2034%2C2033%2C3022%2C2031%2C2030%2C3020%2C251%2C273%2C175%2C2009%2C178%2C255%2C2028%2C3018%2C2027%2C3017%2C214%2C2025%2C336%2C117%2C3014%2C359%2C459%2C99%2C77%2C38%2C3011%2C182%2C3010%2C261%2C141%2C262%2C461%2C222%2C201%2C3007%2C246%2C301%2C4%2C203%2C225%2C10000%2C80%2C9&itype=EBDA&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-198-216-24.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=0f47a966-b427-4320-bc28-81b881249716
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 199

GET
H2

200

cksync.php
contextual.media.net/ Frame B683
Redirect Chain

https://creativecdn.com/cm-notify?pi=medianet
https://creativecdn.com/cm-notify?pi=medianet&tc=1
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

61 B
463 B

158ms
158ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:16 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:16 GMT

Redirect headers

location: https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT, Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 -ad.jpg Show response
fundingchoicesmessages.google.com/f/AGSKWxVe0rXTOM1CdEV4FmndGsdrqhUjR9JTceGBY8RJ0Ja4vzaLkyPLFUeUHpETARhMMYeykPdo59kxLK9TTM9lph_crBLuNmeJ3pStpEQbQsZHFWsJz56uOSUwQ0fuP13JHiCkvWBKjAfC0L7iaQdJdi3Kr0yhr... 54 B
109 B 56ms
55ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVe0rXTOM1CdEV4FmndGsdrqhUjR9JTceGBY8RJ0Ja4vzaLkyPLFUeUHpETARhMMYeykPdo59kxLK9TTM9lph_crBLuNmeJ3pStpEQbQsZHFWsJz56uOSUwQ0fuP13JHiCkvWBKjAfC0L7iaQdJdi3Kr0yhrCBJH0ulASNTwJ82WiBziAv8HW6kVKmu/_/original/ad_/TWBadbanner.-ads-prod/-ad.jpg?_460_60.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.T-FDzeQtR6c.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMw_V9rh8ptu8ozEA5N6fjWXbxqDhw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

684b000cd0e5e065490fc1d6dc84790e95f90e0116b1ffd7b95b036dbd96dd1c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-P5JPaBFBdDQxWovG_GDhAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-P5JPaBFBdDQxWovG_GDhAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 62 KB
24 KB 3416ms
47ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.T-FDzeQtR6c.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMw_V9rh8ptu8ozEA5N6fjWXbxqDhw/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

d2636cca6fd2ffd484e21ad5d3e1b9fab2d89378e756e8945574f8ed0def8131

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:36:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 847
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23834
x-xss-protection: 0
server: cafe
etag: 8817035236017185747
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 12 Aug 2023 03:36:10 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cCPfR3KVKX8oRnr3AWnkzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-cCPfR3KVKX8oRnr3AWnkzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Bof_a6g5AxVjM2ZFV1gNYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Bof_a6g5AxVjM2ZFV1gNYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F57E 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F57E 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Roboto-Bold.woff
c.pm-serv.co/__media__/fonts/Roboto-Bold/ Frame F57E 24 KB
24 KB 33ms
33ms Font
font/woff 23.47.144.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pm-serv.co/__media__/fonts/Roboto-Bold/Roboto-Bold.woff
Requested by: Host: c.pm-serv.co
URL: https://c.pm-serv.co/sr/2722522032/SAFEFRAME.html?ule=2384&&kkdd=A3%7CW%7C9uh3*AnH&Rw=hSMhCOCShUMVT_JTSUT&DeWE=O&YuWb=O&(u-d=yTTU&-we=C83AVUZOK&-W-e=DLami3hSYvQG!HzRL8crai%3D%3D&-Ewe=MhShU_UCS&uwnd=UOO*T_O&--=8K&u-=0j&-1zY=r8!&Wwe=C!04_rCgS&(Wwe=26glpTC&1((Wu=h&EEE=4SadqsXYjVU37_kZWgXW*7Z(CvlpCL()bhfczNrnwm9C!uSJbZMhn9yawvmhuACD40b300pO5T*2XGge6Qs0k!()0NHVSU4AOKa!VfjUUlm26Kq8kn)pLK%3D%3D&zud=_&Xi=h&sDe=J&be(h=C83.9j7VJ&be(T=TThUUVJVC&aeb(b=ueT%3DzsXXo((%3DCT_OowsEX5X%3DOo~DdEWY%3DOBh_oRi5d*-%3DOBMhoRwu5ue%3DTCOoe-T%3Dhou-e%3D~zoR5buz%3DhUSVCVoRXTE5ue%3DTOTUOChhTOowsEX5a%3DUhOhBOSosEX5(f-%3DOou(e%3D_OJM_SUTVo9!%3DBxRwed~BxoRwu5sEX5a%3DOBCCowW%3DhnvdhLokaa%3DOoRwu5sEX5X%3DUOoEwwWsb%3DO%2COod(%3DhSoE-%3DT%2CJMoEWu5ue%3DTOTUOChhTOoRwu5a%3DCCTBMJosEX5a%3DOBUToRXTE5sEX5a%3DOoRXTE5sEX5Rw%3DhrchSosEX5(Rw%3DOosEX5X%3DOoD-b(%3D_OhJOOoaa%3DhTCoRR%3DOoXTE5a%3DhOOOodEWY%3DOBh_oRXTE5sEX5f-%3DOrOoRXTE5sW5X%3DTOoaY%3DhobUW5a%3DSBTT%2CTSB__ouwe%3DC-adVMbTJJMeVeV-aCCVkaSC_SddhUaboue%3DOoswe%3DT)bZYumYGwhjJA*)_7oa(e%3DTTUMChUUSOVSM_VVOJCSS_OUJ_OMTOTOChTUOJOSJCS_JhT_UOChSTUhOMhJVJUCVhJJCMhTCCJVMUSMV_SJCMTVJTTOVVh_VVVUUhTofa5uE-%3DfaaoRis%3DOBMhoeTW5X%3DhOoUW-k%3DhOhOoswY%3DOoeYY5u(ED%3Dd-WoRXTE5sW5a%3DOoeTW5a%3DOBMCo~DeTW5a%3DOBMSoRsEX5a%3DOBMUouu%3DjKo--%3D8Kofa5eX%3Dz%2Fboswi%3Dcho-d%3DOoEWu5a%3DTSB__oRsEX5X%3DOo8)%3DTMCJofa5s-%3Dhoz(u%3Dhofa5sX%3Dz%2Fbofa5--fu%3Dho9!T%3DBxe~izX~beBxo-(%3D(~E~z(~oauu5A2p%3DjK%2CjKowRsEX5a%3DhBOCo!Q%3DOowuwk%3DOofa5((%3DOoawe%3DOBh_ofa5W(%3Dj~(%20!E~-duudeoe-%3DCoRXTE5a%3DSBTTowRsEX5X%3DOo-aeW%3DOBhUToaua%3DOo(Du%3DUOO*T_Oozun%3DhoauW%3DOo(Y*%3DTJUow(LWd5we%3DToudXXdE5(bD5we%3D_OJM_SUTVousWWXL5(bD5we%3D%2FThCCTCJJOTV%2Fgduf(~WcG~zdUoed(d-(de5(bD5we%3DoRwdibawXw(L%3DOBMhoW~u%3Dho-(E%3DJBMUJVUJCMVSCCOUhrcJobeaXf%3D_OJM_SUTVobYW%3Dho-bEEwdE)e%3DOo~Dawe%3DOBh_OoakXE%3DOBOhOouswe%3Doe(-%3Ddbu(5u-owu5~E(a%3DhoeYY5dEWY%3DkbXudoeYY%3Dd-WoaeW-bWe%3DOoebXD%3Dd-W5bs(~ou~aW%3Do1(YX%3Dhoe-s(%3DhOoe~Da%3DOchod-W5sude%3DadX~i5H_Ood-W5W_O%3DOBhVVTTod-W5WV_%3DOB_COJ_owa-%3Dh&z(R=O&YYY=sl~ujk)gHrf%3D&wi=UOO&wz)kE=h&aeE)e=J_M&iXu(W=h&Y-k=CJUST&LeuWE=h&abd=.Jb.HdHJ.Do.Jb.HdbD.DoJdd&fb(WEd=h&fb(awe=chOT&-be~Ybwz=(nvc1y-Xcy5Yh)rja~l1p2hhOVC_qfuuH-gKqu)u_qF%3D&wuwe=_&beR=!EdYwsY%206dbE-1du&WDwe=WOhJ_JJJM_OM(TOTUOChTOT_O&uuXe=%7B%22uuwW%22%3A%22CSBJCBhJBO%22%2C%22uu--%22%3A%228K%22%2C%22uuu-%22%3A%228Kc0j%22%2C%22uu-(L%22%3A%222~E~z(~%22%7D&1(YXuE-=h&(-k5-YW=h&ure=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.144.150 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-144-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c8a7ea184c79a6f61c400968314d03aae7c327f03efc03603f6a3cbada7bfb9a

Request headers

Referer: https://c.pm-serv.co/sr/2722522032/SAFEFRAME.html?ule=2384&&kkdd=A3%7CW%7C9uh3*AnH&Rw=hSMhCOCShUMVT_JTSUT&DeWE=O&YuWb=O&(u-d=yTTU&-we=C83AVUZOK&-W-e=DLami3hSYvQG!HzRL8crai%3D%3D&-Ewe=MhShU_UCS&uwnd=UOO*T_O&--=8K&u-=0j&-1zY=r8!&Wwe=C!04_rCgS&(Wwe=26glpTC&1((Wu=h&EEE=4SadqsXYjVU37_kZWgXW*7Z(CvlpCL()bhfczNrnwm9C!uSJbZMhn9yawvmhuACD40b300pO5T*2XGge6Qs0k!()0NHVSU4AOKa!VfjUUlm26Kq8kn)pLK%3D%3D&zud=_&Xi=h&sDe=J&be(h=C83.9j7VJ&be(T=TThUUVJVC&aeb(b=ueT%3DzsXXo((%3DCT_OowsEX5X%3DOo~DdEWY%3DOBh_oRi5d*-%3DOBMhoRwu5ue%3DTCOoe-T%3Dhou-e%3D~zoR5buz%3DhUSVCVoRXTE5ue%3DTOTUOChhTOowsEX5a%3DUhOhBOSosEX5(f-%3DOou(e%3D_OJM_SUTVo9!%3DBxRwed~BxoRwu5sEX5a%3DOBCCowW%3DhnvdhLokaa%3DOoRwu5sEX5X%3DUOoEwwWsb%3DO%2COod(%3DhSoE-%3DT%2CJMoEWu5ue%3DTOTUOChhTOoRwu5a%3DCCTBMJosEX5a%3DOBUToRXTE5sEX5a%3DOoRXTE5sEX5Rw%3DhrchSosEX5(Rw%3DOosEX5X%3DOoD-b(%3D_OhJOOoaa%3DhTCoRR%3DOoXTE5a%3DhOOOodEWY%3DOBh_oRXTE5sEX5f-%3DOrOoRXTE5sW5X%3DTOoaY%3DhobUW5a%3DSBTT%2CTSB__ouwe%3DC-adVMbTJJMeVeV-aCCVkaSC_SddhUaboue%3DOoswe%3DT)bZYumYGwhjJA*)_7oa(e%3DTTUMChUUSOVSM_VVOJCSS_OUJ_OMTOTOChTUOJOSJCS_JhT_UOChSTUhOMhJVJUCVhJJCMhTCCJVMUSMV_SJCMTVJTTOVVh_VVVUUhTofa5uE-%3DfaaoRis%3DOBMhoeTW5X%3DhOoUW-k%3DhOhOoswY%3DOoeYY5u(ED%3Dd-WoRXTE5sW5a%3DOoeTW5a%3DOBMCo~DeTW5a%3DOBMSoRsEX5a%3DOBMUouu%3DjKo--%3D8Kofa5eX%3Dz%2Fboswi%3Dcho-d%3DOoEWu5a%3DTSB__oRsEX5X%3DOo8)%3DTMCJofa5s-%3Dhoz(u%3Dhofa5sX%3Dz%2Fbofa5--fu%3Dho9!T%3DBxe~izX~beBxo-(%3D(~E~z(~oauu5A2p%3DjK%2CjKowRsEX5a%3DhBOCo!Q%3DOowuwk%3DOofa5((%3DOoawe%3DOBh_ofa5W(%3Dj~(%20!E~-duudeoe-%3DCoRXTE5a%3DSBTTowRsEX5X%3DOo-aeW%3DOBhUToaua%3DOo(Du%3DUOO*T_Oozun%3DhoauW%3DOo(Y*%3DTJUow(LWd5we%3DToudXXdE5(bD5we%3D_OJM_SUTVousWWXL5(bD5we%3D%2FThCCTCJJOTV%2Fgduf(~WcG~zdUoed(d-(de5(bD5we%3DoRwdibawXw(L%3DOBMhoW~u%3Dho-(E%3DJBMUJVUJCMVSCCOUhrcJobeaXf%3D_OJM_SUTVobYW%3Dho-bEEwdE)e%3DOo~Dawe%3DOBh_OoakXE%3DOBOhOouswe%3Doe(-%3Ddbu(5u-owu5~E(a%3DhoeYY5dEWY%3DkbXudoeYY%3Dd-WoaeW-bWe%3DOoebXD%3Dd-W5bs(~ou~aW%3Do1(YX%3Dhoe-s(%3DhOoe~Da%3DOchod-W5sude%3DadX~i5H_Ood-W5W_O%3DOBhVVTTod-W5WV_%3DOB_COJ_owa-%3Dh&z(R=O&YYY=sl~ujk)gHrf%3D&wi=UOO&wz)kE=h&aeE)e=J_M&iXu(W=h&Y-k=CJUST&LeuWE=h&abd=.Jb.HdHJ.Do.Jb.HdbD.DoJdd&fb(WEd=h&fb(awe=chOT&-be~Ybwz=(nvc1y-Xcy5Yh)rja~l1p2hhOVC_qfuuH-gKqu)u_qF%3D&wuwe=_&beR=!EdYwsY%206dbE-1du&WDwe=WOhJ_JJJM_OM(TOTUOChTOT_O&uuXe=%7B%22uuwW%22%3A%22CSBJCBhJBO%22%2C%22uu--%22%3A%228K%22%2C%22uuu-%22%3A%228Kc0j%22%2C%22uu-(L%22%3A%222~E~z(~%22%7D&1(YXuE-=h&(-k5-YW=h&ure=1
Origin: https://c.pm-serv.co
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:14 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 24816
expires: Sun, 13 Aug 2023 02:50:14 GMT

GET
H2 200 log
hblg.media.net/ Frame 5D09 35 B
191 B 53ms
52ms Image
image/gif 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?logid=kfke&evtid=adpvlog&__q=Ae4FMgCAjAQAAACAAAAAgAEAAAAIAAAEAAEAAAAAAgEEAAAAAAAAIAAAAAAAAAxQwARAMjBiZjc3ODJlZTA3NDAwYWFjYzBhYjJmNjEzYzEzNGWM3orTAZYHBENBGm1lZGlhZmlyZS5jb20SOENVQk1OVjc0AA4zMDB4MjUwDmVhc3Rfc2MEMjMIRUJEQRI4UFJXMjNIRzUOQklEX0FQSQAAAjA2cnRiLWViZGEtNzRiNTY4Yjc5LXRkZHA3LlNDPjAyMDAwODA4MDc2MjgzMDAzMDAwMjUwMDAwNDI5MDACMAAEARBFWENIQU5HRQICZA&evttyp=1

Requested by

Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:14 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame F57E 15 B
160 B 60ms
45ms Script
text/javascript 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=5890&&vgd_canary=0&vgd_l2type=scs_newfl&fp=aZ1M_0CM9IPwJycvqG4b8whWshfAbFTsQ6h-rhOyk6uNpOQ_V_RDW3sNeu1PJIZGdXVT4Nb_r2QIj8NJ9YAuE5hZ5mMHgZpKusfh0QEiiLTq943dbG-aAmMPkenBLfmefNS2zPL1nsU%3D&cme=GZfggmBI2IOmMOYq2NURpUQ6LHFI9YOOZwU_Mm7USVUkzrlQfUyADLBYG4bPWMFLwOZdbNNWA6sOQPwik3V_pI4JcBkUwsk9eyQassZVLkwr5Sfu7ZZhKkUPWyGTzhPOlBZXRa0rhKm2fKWH7cMkTCbigXjMT7ksCUBK7rPLPXdoCwFFJzrac7zW6nDkbx5qdf_Y3f62LgiMiUdE3Cw7ZTBq8SXxAeHcL7XjmT0QqsQ%3D%7C%7Cu4jGmGq2EA1j0ukOB1gZDCm-Q-ZGxYx3GP02Zz5KRP4Ge4pmxBPupXlmudsHKll8kgHytnBTJPLXKHXOT7klqf2Vdh4RbSp_Krhloc2AsXlQp2XZyG1U0yiGEBJ0tnZkcE1SM6bV0kg4TlBCDzSniPKg3fAAoq4xoecmMnVUQdyUd0eO7ae40jqfQBc0lJgqjJPKt-hFblwWNsMAIPsmIUFbxnpkUs3S7kwTRAQiBhEf00L4ec0kCwcQhrC2LYptNqWixhQIZvVD5-kPnlmH6DPgrA-nzW9Y%7Cu8A6SM53vAc2XPEQqQGsidt9tY65zAos%7CaLCZqGMhZ4KAT3F5cOY6UVqvTa5bhil1%7CfoIS3o4cK7XJ_lHbVkW8Kw%3D%3D%7CLO0HXRkanSDmHZ_OvYUBhCi1JUhACmZt7Elc2PQrfbeNZJSS8aSbcBjxjurBA5l7cvdx556NzUlnC7qL5SwGesfVqWBpMduVG3mTDa2n5lS_qGaWgQ1l_DQ5_qyGcIQkTqhy7Izv-j6vLJHr9b2aAA%3D%3D%7C&subBdr=128&bdrid=459&ksu=224&fdkt=438&vgde_kbbh=ffoyxQJuO&kwd[]=Free+Software+Download&kwt[]=438&kbc[]=500509&kwp[]=1&kid[]=11660601&kbc2[]=3%3D0.20%7C4%3D2.65%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C23%3D0.1118%7C24%3D0%7C25%3D0%7C22%3D0.0822%7C7%3D0.0002%7C8%3D081117%7C9%3D0%7C11%3D0%7C26%3D2268%7C27%3D31%7C13%3D0.0364%7C14%3D081120%7C15%3D0%7Cr%3D5%7Cokt%3D438%7Cbkt%3D438%7Cps%3D0.476&ktd[]=274911592704&kwd[]=Instruction+Manual+Download&kwt[]=438&kbc[]=500509&kwp[]=2&kid[]=15152053&kbc2[]=3%3D0.08%7C4%3D1.78%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C23%3D0.2436%7C24%3D0%7C25%3D0%7C22%3D0.0822%7C7%3D0.0002%7C8%3D081117%7C9%3D0%7C11%3D0%7C26%3D60%7C27%3D0%7C13%3D0.0267%7C14%3D081120%7C15%3D0%7Cr%3D14%7Cokt%3D438%7Cbkt%3D438%7Cps%3D0.476&ktd[]=274894815488&kwd[]=Download+PDF+File&kwt[]=438&kbc[]=500509&kwp[]=3&kid[]=8846385&kbc2[]=3%3D0.09%7C4%3D3.17%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C23%3D0.4502%7C24%3D0%7C25%3D0%7C22%3D0.0822%7C7%3D0.0002%7C8%3D081117%7C9%3D0%7C11%3D0%7C26%3D7769%7C27%3D35%7C13%3D0.0330%7C14%3D081120%7C15%3D0%7Cr%3D4%7Cokt%3D438%7Cbkt%3D438%7Cps%3D0.476&ktd[]=274911592704&kwd[]=Dry+Eyes+Blurred+Vision+Causes&kwt[]=240&kbc[]=90666a704095e5ca23d6ed6f5fe73711.d2s&kwp[]=4&kid[]=273018734&kbc2[]=101%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C23%3D0.0813%7C24%3D0%7C25%3D0%7C22%3D0.0822%7C7%3D0.0001%7C8%3D081117%7C9%3D0%7C11%3D0%7C26%3D190%7C27%3D0%7C13%3D0.0312%7C14%3D081120%7C15%3D0%7Cr%3D7%7Cokt%3D240%7Cbkt%3D240%7Cps%3D0.454&ktd[]=274895077632&kwd[]=2023+List+of+Scholarships&kwt[]=240&kbc[]=90666a704095e5ca23d6ed6f5fe73711.d2s&kwp[]=5&kid[]=350577358&kbc2[]=101%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C23%3D0.7024%7C24%3D0%7C25%3D0%7C22%3D0.0822%7C7%3D0.0002%7C8%3D081117%7C9%3D0%7C11%3D0%7C26%3D211%7C27%3D0%7C13%3D0.0600%7C14%3D081120%7C15%3D0%7Cr%3D3%7Cokt%3D240%7Cbkt%3D240%7Cps%3D0.454&ktd[]=274895077632&v=1&geo=43.68%7C-79.43&dlper=20&lper=100&lpid=&tsid=1&hint=&cc=CA&wsip=170774757&bca=0&ugd=4&vgde_setid=Nff&ssld=%7B%22QQNN%22%3A%22%3DK%22%2C%22QQN75%22%3A%22_mLmz7m%22%2C%22QQ8E%22%3A%22WF.HW.uH.9%22%2C%22QQQN%22%3A%22%3DKoaI%22%7D&cid=8CUK73G0A&vi=1691808613972542632&vsid=3348102148992284&tdAdd[]=asnum%3D136787&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_adprefflag=01&vgd_fm_lang=EN&vgd_implt=3&vgd_cage=1&vgd_tsce=L223-S223&vgd_l3_sc=ON&vgd_chost=c.pm-serv.co&vgd_sslb=1111&vgd_hb_audit_1=8CUBMNV74&vgd_hb_audit_2=221337478&vgd_katbid=-102&vgd_pdtid=1&vgd_nrrv=13243&vgd_nrrmf=1000c94a&vgd_nrrsf=scrr&vgd_cty=toronto&vgd_ifrmode=14&sttm=1691808613965&upk=1691808614.28394&hvsid=00001691808613965014459899224218&verid=3111299&sbdrId=128&tsrc=entity&kafm_ull_cache=00&vgd_mspa=0&vgd_l1rakh=1691808613196297299&vgd_ecrid=0200080807628300300025000042900&vgd_mspad=a&vgd_isiolc=1&kbbq=%26asn%3D136787&vgd_wlstp=1&vgd_mcf=84362&vgd_vstrid=3348102148992284&vgde_bdata=QOfvzxjj~77vWfX9~8xLjMjv9~myJLEYv9.uX~eBMJ-Nv9.iu~e8QMQOvfW9~ONfvu~QNOvmz~eM1QzvuAFhWh~ejfLMQOvf9fA9Wuuf9~8xLjMGvAu9u.9F~xLjM7UNv9~Q7OvX9HiXFAfh~c0v.*e8OJm.*~e8QMxLjMGv9.WW~8EvulDJu5~kGGv9~e8QMxLjMjvA9~L88Ex1v9%2C9~J7vuF~LNvf%2CHi~LEQMQOvf9fA9Wuuf9~e8QMGvWWf.iH~xLjMGv9.Af~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjv9~yN17vX9uH99~GGvufW~eev9~jfLMGvu999~JLEYv9.uX~ejfLMxLjMUNv949~ejfLMxEMjvf9~GYvu~1AEMGvF.ff%2CfF.XX~Q8OvWNGJhi1fHHiOhOhNGWWhkGFWXFJJuAG1~QOv9~x8OvfV1ZYQ3Y28uIHC-VX%2F~G7OvffAiWuAAF9hFiXhh9HWFFX9AHX9if9f9WufA9H9FHWFXHufXA9WuFfAu9iuHhHAWhuHHWiufWWHhiAFihXFHWifhHff9hhuXhhhAAuf~UGMQLNvUGG~eBxv9.iu~OfEMjvu9~AENkvu9u9~x8Yv9~OYYMQ7LyvJNE~ejfLMxEMGv9~OfEMGv9.iW~myOfEMGv9.iF~exLjMGv9.iA~QQvIK~NNv%3DK~UGMOjvzS1~x8Bvou~NJv9~LEQMGvfF.XX~exLjMjv9~%3DVvfiWH~UGMxNvu~z7Qvu~UGMxjvzS1~UGMNNUQvu~c0fv.*OmBzjm1O.*~N7v7mLmz7m~GQQMC_pvIK%2CIK~8exLjMGvu.9W~0sv9~8Q8kv9~UGM77v9~G8Ov9.uX~UGME7vIm7n0LmNJQQJO~ONvW~ejfLMGvF.ff~8exLjMjv9~NGOEv9.uAf~GQGv9~7yQvA99-fX9~zQlvu~GQEv9~7Y-vfHA~875EJM8Ovf~QJjjJLM71yM8OvX9HiXFAfh~QxEEj5M71yM8OvSfuWWfWHH9fhSrJQU7mEo2mzJA~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.iu~EmQvu~N7LvH.iAHhAHWihFWW9Au4oH~1OGjUvX9HiXFAfh~1YEvu~N1LL8JLVOv9~myG8Ov9.uX9~GkjLv9.9u9~Qx8Ov~O7NvJ1Q7MQN~8QMmL7Gvu~OYYMJLEYvk1jQJ~OYYvJNE~GOEN1EOv9~O1jyvJNEM1x7m~QmGEv~w7Yjvu~ONx7vu9~OmyGv9ou~JNEMxQJOvGJjmBM%20X9~JNEMEX9v9.uhhff~JNEMEhXv9.XW9HX~8GNvu&vgd_bhv_kbb=-1&vgd_cfud=230703&vgd_scsver=165&vgd_optout=0&vgd_ydspr=1&vgd_l2shld=1&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_be=1&vgd_l1rpth=%2Fnpfm.js&vgd_lbt=1000&vgd_mbr=1&vgd_pgids=1&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250&vgd_uspa=0&vgd_sc=ON&vgd_l1rhst=c.pm-serv.co&hvsid=00001691808613965014459899224218&rc=0&rand=1691808614371&acid=20bf7782ee07400aacc0ab2f613c134e&matm=1691808614372&vgd_ltimesrc=1&vgd_ltime=651&vgd_rtime=626&vgd_etm=20&vgd_l1hcsd=Spr8r%7C5312&vgd_tcf_cmp=1&vgd_l1ch=1&vgd_lhl=1188&vgd_pgid=p01454449509t202308120250&vgd_kclkp_d=%26sgmt%3D100109&vgd_csip=rtb-ebda-74b568b79-tddp7.SC&vgd_sbSup=0&vgd_nrrs=13243&vgd_cdv=1047&vgd_cntrdt=SF%7Cmnadshield-a.akamaihd.net&vgd_eadm=1&vgd_matchstr=hr%3D0%7C&vgd_end=1

Requested by

Host: c.pm-serv.co
URL: https://c.pm-serv.co/sr/2722522032/SAFEFRAME.html?ule=2384&&kkdd=A3%7CW%7C9uh3*AnH&Rw=hSMhCOCShUMVT_JTSUT&DeWE=O&YuWb=O&(u-d=yTTU&-we=C83AVUZOK&-W-e=DLami3hSYvQG!HzRL8crai%3D%3D&-Ewe=MhShU_UCS&uwnd=UOO*T_O&--=8K&u-=0j&-1zY=r8!&Wwe=C!04_rCgS&(Wwe=26glpTC&1((Wu=h&EEE=4SadqsXYjVU37_kZWgXW*7Z(CvlpCL()bhfczNrnwm9C!uSJbZMhn9yawvmhuACD40b300pO5T*2XGge6Qs0k!()0NHVSU4AOKa!VfjUUlm26Kq8kn)pLK%3D%3D&zud=_&Xi=h&sDe=J&be(h=C83.9j7VJ&be(T=TThUUVJVC&aeb(b=ueT%3DzsXXo((%3DCT_OowsEX5X%3DOo~DdEWY%3DOBh_oRi5d*-%3DOBMhoRwu5ue%3DTCOoe-T%3Dhou-e%3D~zoR5buz%3DhUSVCVoRXTE5ue%3DTOTUOChhTOowsEX5a%3DUhOhBOSosEX5(f-%3DOou(e%3D_OJM_SUTVo9!%3DBxRwed~BxoRwu5sEX5a%3DOBCCowW%3DhnvdhLokaa%3DOoRwu5sEX5X%3DUOoEwwWsb%3DO%2COod(%3DhSoE-%3DT%2CJMoEWu5ue%3DTOTUOChhTOoRwu5a%3DCCTBMJosEX5a%3DOBUToRXTE5sEX5a%3DOoRXTE5sEX5Rw%3DhrchSosEX5(Rw%3DOosEX5X%3DOoD-b(%3D_OhJOOoaa%3DhTCoRR%3DOoXTE5a%3DhOOOodEWY%3DOBh_oRXTE5sEX5f-%3DOrOoRXTE5sW5X%3DTOoaY%3DhobUW5a%3DSBTT%2CTSB__ouwe%3DC-adVMbTJJMeVeV-aCCVkaSC_SddhUaboue%3DOoswe%3DT)bZYumYGwhjJA*)_7oa(e%3DTTUMChUUSOVSM_VVOJCSS_OUJ_OMTOTOChTUOJOSJCS_JhT_UOChSTUhOMhJVJUCVhJJCMhTCCJVMUSMV_SJCMTVJTTOVVh_VVVUUhTofa5uE-%3DfaaoRis%3DOBMhoeTW5X%3DhOoUW-k%3DhOhOoswY%3DOoeYY5u(ED%3Dd-WoRXTE5sW5a%3DOoeTW5a%3DOBMCo~DeTW5a%3DOBMSoRsEX5a%3DOBMUouu%3DjKo--%3D8Kofa5eX%3Dz%2Fboswi%3Dcho-d%3DOoEWu5a%3DTSB__oRsEX5X%3DOo8)%3DTMCJofa5s-%3Dhoz(u%3Dhofa5sX%3Dz%2Fbofa5--fu%3Dho9!T%3DBxe~izX~beBxo-(%3D(~E~z(~oauu5A2p%3DjK%2CjKowRsEX5a%3DhBOCo!Q%3DOowuwk%3DOofa5((%3DOoawe%3DOBh_ofa5W(%3Dj~(%20!E~-duudeoe-%3DCoRXTE5a%3DSBTTowRsEX5X%3DOo-aeW%3DOBhUToaua%3DOo(Du%3DUOO*T_Oozun%3DhoauW%3DOo(Y*%3DTJUow(LWd5we%3DToudXXdE5(bD5we%3D_OJM_SUTVousWWXL5(bD5we%3D%2FThCCTCJJOTV%2Fgduf(~WcG~zdUoed(d-(de5(bD5we%3DoRwdibawXw(L%3DOBMhoW~u%3Dho-(E%3DJBMUJVUJCMVSCCOUhrcJobeaXf%3D_OJM_SUTVobYW%3Dho-bEEwdE)e%3DOo~Dawe%3DOBh_OoakXE%3DOBOhOouswe%3Doe(-%3Ddbu(5u-owu5~E(a%3DhoeYY5dEWY%3DkbXudoeYY%3Dd-WoaeW-bWe%3DOoebXD%3Dd-W5bs(~ou~aW%3Do1(YX%3Dhoe-s(%3DhOoe~Da%3DOchod-W5sude%3DadX~i5H_Ood-W5W_O%3DOBhVVTTod-W5WV_%3DOB_COJ_owa-%3Dh&z(R=O&YYY=sl~ujk)gHrf%3D&wi=UOO&wz)kE=h&aeE)e=J_M&iXu(W=h&Y-k=CJUST&LeuWE=h&abd=.Jb.HdHJ.Do.Jb.HdbD.DoJdd&fb(WEd=h&fb(awe=chOT&-be~Ybwz=(nvc1y-Xcy5Yh)rja~l1p2hhOVC_qfuuH-gKqu)u_qF%3D&wuwe=_&beR=!EdYwsY%206dbE-1du&WDwe=WOhJ_JJJM_OM(TOTUOChTOT_O&uuXe=%7B%22uuwW%22%3A%22CSBJCBhJBO%22%2C%22uu--%22%3A%228K%22%2C%22uuu-%22%3A%228Kc0j%22%2C%22uu-(L%22%3A%222~E~z(~%22%7D&1(YXuE-=h&(-k5-YW=h&ure=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-24.deploy.static.akamaitechnologies.com

Software

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.pm-serv.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Sat, 12 Aug 2023 02:50:14 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Sat, 12 Aug 2023 02:50:14 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame C8B4 35 KB
12 KB 90ms
89ms Document
text/html 23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bae24450aa2814f5074d59fc73928845b603d65af770cd8d923fa14d98cc2855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 11785
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:15 GMT
expires: Mon, 14 Aug 2023 02:50:15 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2EED 15 KB
6 KB 33ms
32ms Document
text/html 23.77.173.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.77.173.8 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-173-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=87376
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Sat, 12 Aug 2023 02:50:15 GMT
expires: Sun, 13 Aug 2023 03:06:31 GMT
last-modified: Tue, 11 Jul 2023 09:39:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=ShareThrough&rurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DYnUBs5Yz9Zqjy9VCcoCxquFP%26source_user_id%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=ShareThrough&rurl=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DYnUBs5Yz9Zqjy9VCcoCxquFP%26source_user_id%3D_wfivefivec_
https://match.sharethrough.com/sync/v1?source_id=YnUBs5Yz9Zqjy9VCcoCxquFP&source_user_id=YRRi7ETa1QuEHJ5

68 B
280 B

483ms
35ms

Image
image/png

3.233.86.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=YnUBs5Yz9Zqjy9VCcoCxquFP&source_user_id=YRRi7ETa1QuEHJ5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 3.233.86.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-86-45.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-785-gcf3d607#rel-ec2-master i-057648efc910a16d8@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://match.sharethrough.com/sync/v1?source_id=YnUBs5Yz9Zqjy9VCcoCxquFP&source_user_id=YRRi7ETa1QuEHJ5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://x.bidswitch.net/sync?ssp=sharethrough&user_id=e99c59d0-4d54-4f2d-892e-d66ddd61f9c6&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy=
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=sharethrough
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=sharethrough
https://x.bidswitch.net/sync?dsp_id=70&user_id=7333337892909792278&ssp=sharethrough
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

68 B
279 B

110ms
36ms

Image
image/png

3.233.86.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 3.233.86.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-86-45.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Date: Sat, 12 Aug 2023 02:50:15 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ 43 B
479 B 42ms
41ms Image
image/gif 52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=e99c59d0-4d54-4f2d-892e-d66ddd61f9c6

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: TX8NMNWMBK5RAPWMG4Q6
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent=
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LL7F62HL-1A-EZMV&gdpr=0

68 B
279 B

208ms
36ms

Image
image/png

3.233.86.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LL7F62HL-1A-EZMV&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 3.233.86.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-233-86-45.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LL7F62HL-1A-EZMV&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 314e432eb2d967cf733b82bdbbe35231
Expires: 0

GET
H2 200 sync Show response
gum.criteo.com/ Frame C8B4 88 B
328 B 34ms
34ms Script
text/javascript 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

04d244dceb2702b72b88443cd322bb207495a306146f5aef93f22f53bc005139

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:15 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1421228
expires: 60

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame CB5E
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Drkt%26refUrl%3D%26vid%3D180861543833481021489922560...
https://contextual.media.net/cksync.html?cs=8&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086154383348102148992256000V10&ovsid=1783777324017357651

235 B
659 B

74ms
74ms

Document
text/html

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086154383348102148992256000V10&ovsid=1783777324017357651

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 235
content-type: text/html;charset=UTF-8
date: Sat, 12 Aug 2023 02:50:17 GMT
expires: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:17 GMT
Location: https://contextual.media.net/cksync.html?cs=8&vsid=3348102148992256000V10&type=rkt&refUrl=&vid=18086154383348102148992256000V10&ovsid=1783777324017357651
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

cksync.php
contextual.media.net/ Frame C8B4
Redirect Chain

https://creativecdn.com/cm-notify?pi=medianet
https://creativecdn.com/cm-notify?pi=medianet&tc=1
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

61 B
463 B

99ms
98ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

location: https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=3fihSmmzCYC79SsfRXmo&pi=medianet&tc=1
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT, Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame C8B4 43 B
219 B 28ms
26ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Dopx%26refUrl%3D%26vid%3D18086154383348102148992256000V10%26ovsid%3D
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C8B4
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3348102148992256000V10%26type%3Ddxu%26refUrl%3D%26vid%3D18086154383348102148992...
https://contextual.media.net/cksync.php?cs=8&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086154383348102148992256000V10&ovsid=YRRi7ETa1QuEHJ5

61 B
458 B

113ms
113ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086154383348102148992256000V10&ovsid=YRRi7ETa1QuEHJ5

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-785-gcf3d607#rel-ec2-master i-013cfefc71e743b69@us-east-1b@dxedge-app-us-east-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3348102148992256000V10&type=dxu&refUrl=&vid=18086154383348102148992256000V10&ovsid=YRRi7ETa1QuEHJ5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C8B4
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=68ec1a45-4112-4d0d-b841-df8394c0f20d

61 B
622 B

67ms
67ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=68ec1a45-4112-4d0d-b841-df8394c0f20d

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=68ec1a45-4112-4d0d-b841-df8394c0f20d
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1502873
content-length: 0
expires: Sat, 12 Aug 2023 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C8B4
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=l5cgCCrvH8Bt2IR0Zk6g&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPLMGVRWOQ2DOJ3EQOCCOQZESURQLJVTM...
https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=180861543833481021489922...

60 B
298 B

54ms
54ms

Image
image/gif

23.52.163.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086154383348102148992256000V10&vsid=3348102148992256000V10

Requested by

Protocol

Server

23.52.163.93 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-52-163-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 12 Aug 2023 02:50:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 60
x-mnet-hl2: E
expires: Sat, 12 Aug 2023 02:50:15 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:15 GMT
Content-Type: text/html; charset=utf-8
Location: https://contextual.media.net/cksync.php?cs=1&ovsid=l5cgCCrvH8Bt2IR0Zk6ghttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=18086154383348102148992256000V10&vsid=3348102148992256000V10
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 284
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 bqi.php
l.pm-serv.co/ Frame B838 15 B
15 B 33ms
33ms Image
text/javascript 23.47.144.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.pm-serv.co/bqi.php?vgd_len=2298&lf=3&&vgd_hb_audit_1=8CUBMNV74&vgd_hb_audit_2=221337478&vgd_tsce=L223&vgd_l2type=scs_newfl&vgd_ydspr=1&vgd_cdv=1047&vgd_cage=1&vgd_rensize=300_250&vgde_bdata=QOfvzxjj~77vWfX9~8xLjMjv9~myJLEYv9.uX~eBMJ-Nv9.iu~e8QMQOvfW9~ONfvu~QNOvmz~eM1QzvuAFhWh~ejfLMQOvf9fA9Wuuf9~8xLjMGvAu9u.9F~xLjM7UNv9~Q7OvX9HiXFAfh~c0v.*e8OJm.*~e8QMxLjMGv9.WW~8EvulDJu5~kGGv9~e8QMxLjMjvA9~L88Ex1v9%2C9~J7vuF~LNvf%2CHi~LEQMQOvf9fA9Wuuf9~e8QMGvWWf.iH~xLjMGv9.Af~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjv9~yN17vX9uH99~GGvufW~eev9~jfLMGvu999~JLEYv9.uX~ejfLMxLjMUNv949~ejfLMxEMjvf9~GYvu~1AEMGvF.ff%2CfF.XX~Q8OvWNGJhi1fHHiOhOhNGWWhkGFWXFJJuAG1~QOv9~x8OvfV1ZYQ3Y28uIHC-VX%2F~G7OvffAiWuAAF9hFiXhh9HWFFX9AHX9if9f9WufA9H9FHWFXHufXA9WuFfAu9iuHhHAWhuHHWiufWWHhiAFihXFHWifhHff9hhuXhhhAAuf~UGMQLNvUGG~eBxv9.iu~OfEMjvu9~AENkvu9u9~x8Yv9~OYYMQ7LyvJNE~ejfLMxEMGv9~OfEMGv9.iW~myOfEMGv9.iF~exLjMGv9.iA~QQvIK~NNv%3DK~UGMOjvzS1~x8Bvou~NJv9~LEQMGvfF.XX~exLjMjv9~%3DVvfiWH~UGMxNvu~z7Qvu~UGMxjvzS1~UGMNNUQvu~c0fv.*OmBzjm1O.*~N7v7mLmz7m~GQQMC_pvIK%2CIK~8exLjMGvu.9W~0sv9~8Q8kv9~UGM77v9~G8Ov9.uX~UGME7vIm7n0LmNJQQJO~ONvW~ejfLMGvF.ff~8exLjMjv9~NGOEv9.uAf~GQGv9~7yQvA99-fX9~zQlvu~GQEv9~7Y-vfHA~875EJM8Ovf~QJjjJLM71yM8OvX9HiXFAfh~QxEEj5M71yM8OvSfuWWfWHH9fhSrJQU7mEo2mzJA~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.iu~EmQvu~N7LvH.iAHhAHWihFWW9Au4oH~1OGjUvX9HiXFAfh~1YEvu~N1LL8JLVOv9~myG8Ov9.uX9~GkjLv9.9u9~Qx8Ov~O7NvJ1Q7MQN~8QMmL7Gvu~OYYMJLEYvk1jQJ~OYYvJNE~GOEN1EOv9~O1jyvJNEM1x7m~QmGEv~w7Yjvu~ONx7vu9~OmyGv9ou~JNEMxQJOvGJjmBM%20X9~JNEMEX9v9.uhhff~JNEMEhXv9.XW9HX~8GNvu&vgd_lbt=1000&gdpr=0&mspa=0&prid=8PRVCXX19&cid=8CUK73G0A&crid=916135386&rrr=J6beHulmN73UV5fGpDlpxVGt8RXW8ytIa1k-njEziYM8Ps64aG91zMLbiRY1sK8gJOaUOOW0_2xTlZDdSFuOfPtIOjq763JK0AbP7kN33XYTSAHCfzIWyA%3D%3D&requrl=https%3A%2F%2Fwww.mediafire.com&vi=1691808613972542632&ugd=4&cc=CA&sc=ON&bdrid=459&subBdr=128&startTime=1691808613956&l1ch=1&l1hcsd=l1!Spr8r|5312&mmm=uXosNfIDqEk=&sttm=1691808613965&upk=1691808614.28394&hvsid=00001691808613965014459899224218&acid=20bf7782ee07400aacc0ab2f613c134e&verid=3111299&infr=1&twna=1&stime=1691808613767&tsrc=entity&kafm_ull_cache=00&vgd_mspa=0&vgd_l1rhst=c.pm-serv.co&vgd_l1rakh=1691808613196297299&vgd_sc=ON&vgd_ecrid=0200080807628300300025000042900&vgd_uspa=0&vgd_mspad=a&vgd_isiolc=1&vgd_pgid=p01454449509t202308120250&vgd_pgids=1&vgd_end=1
Requested by: Host: mnadshield-a.akamaihd.net
URL: https://mnadshield-a.akamaihd.net/creativewrapper/0-0-1/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.144.150 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-144-150.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mnadshield-a.akamaihd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 12 Aug 2023 02:50:15 GMT
content-length: 15
content-type: text/javascript

GET
H2 200 log
c21lg-d.media.net/ Frame C8B4 35 B
164 B 115ms
96ms Image
image/gif 23.198.216.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=62KAPwzbwD_3xNGbXQ0rbSSuJ6ABvdiU&cs=15&vsid=3348102148992256000V10
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.198.216.24 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-198-216-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 12 Aug 2023 02:50:15 GMT
content-length: 35
content-type: image/gif

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame A80F 0
260 B 114ms
28ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6406 1 KB
2 KB 28ms
27ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=63097614&p=158936&s=647353&a=0&ptask=DSP&np=0&fp=1&rp=1&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 4f6059a54189e30989c1799ac1e742e15df6e78d350cb66826ac6b3c64f81626

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 12 Aug 2023 02:50:15 GMT
content-length: 1514
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame DC23 1 KB
2 KB 28ms
27ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=44364372&p=158936&s=647353&a=0&ptask=DSP&np=0&fp=1&rp=1&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 4f6059a54189e30989c1799ac1e742e15df6e78d350cb66826ac6b3c64f81626

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 12 Aug 2023 02:50:15 GMT
content-length: 1514
content-type: text/html; charset=UTF-8

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame AF5E
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBNXFVN0pyZWNBQUNjX084TUtadw&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&b...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://sync.technoratimedia.com/services?uid=AAFAlE7JrecAACkwHjAhPg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_cu...
https://ssum-sec.casalemedia.com/usermatchredir?s=191740&cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D82%26cb%3Dhttps%...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D82%26cb%3Dhttps%253A%252F...
https://sync.technoratimedia.com/services?srv=cs&nuid=3EF19D5DA37645C09668ADD2F6DD6276&att=1&pid=82&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?ev=AAFAlE7JrecAACkwHjAhPg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_par...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAFAlE7JrecAACkwHjAhPg&pid=558502&do=add&gdpr=0
https://rtb-csync.smartadserver.com/redir?partneruserid=AAFAlE7JrecAACkwHjAhPg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%2...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=5640036438096218636&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=

42 B
199 B

33ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:18 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 699D
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6509273573175081155&gdpr=0&gdpr_consent=

42 B
218 B

28ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6509273573175081155&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: b60dcef9-5e91-42df-bb97-6e1dd05e1682
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6509273573175081155&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 86.48.14.34; 86.48.14.34; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3ADB
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f

42 B
244 B

31ms
31ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 0
content-type: image/gif
date: Sat, 12 Aug 2023 02:50:19 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: lga-delivery-5

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame 0869 0
127 B 1367ms
37ms Document
image/gif 8.18.47.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.18.47.7 Miami, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 0
content-type: image/gif
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server: a

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BD31
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn

42 B
422 B

35ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Sat, 12 Aug 2023 02:50:17 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A200
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

29ms
29ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:15 GMT
expires: Sat, 12 Aug 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1094601
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6406
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=7b3ed5b2ec7205e8&is_secure=true&networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAB8WfIG8qf4gNXqjm6AAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&...

42 B
266 B

29ms
29ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAB8WfIG8qf4gNXqjm6AAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:24 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:23 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAB8WfIG8qf4gNXqjm6AAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6406
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=894068b6-2b30-4266-8b3b-4ed3715aea63&gdpr=0&gdpr_consent=

1 B
237 B

30ms
28ms

Image
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=894068b6-2b30-4266-8b3b-4ed3715aea63&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=894068b6-2b30-4266-8b3b-4ed3715aea63&gdpr=0&gdpr_consent=
Date: Sat, 12 Aug 2023 02:50:23 GMT
Connection: keep-alive
X-CI-RTID: 737224e0-87b9-4543-b880-2fc771c950b9
Content-Length: 205
Content-Type: text/html; charset=utf-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6406
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=c062d3d9-54db-430e-bf46-3625d2539b54&expires=1&user_group=5&ssp=pubmatic&bsw_param=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=

1 B
185 B

29ms
28ms

Image
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=0&gdpr_consent=&gdpr_pd=
Date: Sat, 12 Aug 2023 02:50:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 6406
Redirect Chain

https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0

42 B
407 B

28ms
28ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0
date: Sat, 12 Aug 2023 02:50:16 GMT
content-type: text/plain

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame D757
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGQWxFN0pyZWNBQUNrd0hqQWhQZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&b...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?ev=AAFAlE7JrecAACkwHjAhPg&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_cur...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAFAlE7JrecAACkwHjAhPg&pid=558502&do=add&gd...
https://rtb-csync.smartadserver.com/redir?partneruserid=AAFAlE7JrecAACkwHjAhPg&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=2618455391205067311&gdpr=0&gdpr_consent=
https://sync.technoratimedia.com/services?uid=AAFAlE7JrecAACkwHjAhPg&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D2618455391205067311%26gdpr%3D0%...
https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.technoratimedia.com%2Fservices%3Fsrv%3Dcs%26nuid%3D3EF19D5DA37645C09668ADD2F6DD6276%26att%3D1%26pid%3D46%26cb%3Dhttps%253A%252F%252Fmatch.prod.bid...
https://sync.technoratimedia.com/services?srv=cs&nuid=3EF19D5DA37645C09668ADD2F6DD6276&att=1&pid=46&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D26184553912050...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&userid=2618455391205067311&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=

42 B
279 B

34ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Fri, 11 Aug 2023 22:42:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:18 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFAlE7JrecAACkwHjAhPg&gdpr=0&gdpr_consent=
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B575
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1824226777820254603&gdpr=0&gdpr_consent=

42 B
217 B

29ms
29ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1824226777820254603&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 97b5c0ec-4f23-4b84-bd3e-e83511c6401b
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1824226777820254603&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 86.48.14.34; 86.48.14.34; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2FE0
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f

42 B
244 B

31ms
31ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:18 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 0
content-type: image/gif
date: Sat, 12 Aug 2023 02:50:19 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=f9b0b968-38ba-11ee-8db4-36c80c52758f
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: lga-delivery-5

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DC23
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=332e1686a240067b&is_secure=true&networkId=17100&version=1&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACTWuxx3lbvwMV5PfnAAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&...

42 B
266 B

29ms
29ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACTWuxx3lbvwMV5PfnAAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:23 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:23 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAACTWuxx3lbvwMV5PfnAAAAAAA&expiration=1691895023&nuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame 3D44 0
222 B 1356ms
36ms Document
image/gif 8.18.47.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.18.47.7 Miami, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 0
content-type: image/gif
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server: a

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DC23
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4747720e-b039-4350-8100-38c901466cfa&gdpr=0&gdpr_consent=

1 B
315 B

29ms
28ms

Image
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4747720e-b039-4350-8100-38c901466cfa&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=4747720e-b039-4350-8100-38c901466cfa&gdpr=0&gdpr_consent=
Date: Sat, 12 Aug 2023 02:50:23 GMT
Connection: keep-alive
X-CI-RTID: b31153ef-2ef1-420f-9cb4-4b1411a55f91
Content-Length: 205
Content-Type: text/html; charset=utf-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DC23
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8c1fa4d4-d86f-4c58-b47d-bc009fd65439
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c095565d-cb0a-4027-b32a-eb9a24889f27&user_group=1&ssp=pubmatic&bsw_param=8c1fa4d4-d86f-4c58-b47d-bc009fd65439
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=&gdpr_consent=&gdpr_pd=

1 B
166 B

29ms
28ms

Image
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8c1fa4d4-d86f-4c58-b47d-bc009fd65439&gdpr=&gdpr_consent=&gdpr_pd=
Date: Sat, 12 Aug 2023 02:50:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0374
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0pzrc4KbuXzJzOp33JqiINOR7nPJy-sm0ct-seGD

42 B
415 B

33ms
32ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0pzrc4KbuXzJzOp33JqiINOR7nPJy-sm0ct-seGD
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Sat, 12 Aug 2023 02:50:17 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=0pzrc4KbuXzJzOp33JqiINOR7nPJy-sm0ct-seGD
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DC23
Redirect Chain

https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0

42 B
97 B

28ms
28ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0
Requested by: Host: 90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
URL: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMTUmdGw9MTI5NjAw&piggybackCookie=cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&gdpr=0
date: Sat, 12 Aug 2023 02:50:16 GMT
content-type: text/plain

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D330
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

29ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:16 GMT
expires: Sat, 12 Aug 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 560892
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5D09 0
0 58ms
57ms Image
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CcNyxZPPWZILiHt6soPMP4NiF2Avxi56QXPKJ5eG5BcCNtwEQASAAYP2gmYHoA4IBF2NhLXB1Yi0xNjMwMzYxMTAxMDQ3OTMwyAEJ4AIAqAMByAMCqgTKAk_Q33PZTGWqargzSA0lNb4qdLULtASc9HAlg2Z9h9IO0s2DyQsqxipGF2eZljks9Auq_c2ORnDHp-TbkBDpPocXHGpgC6BLbfuzpN4qyDxGWU8ti9im5EY5voS31W2XJBmweDY-ni20VPXOTQgHMYDYAJ_Ud0U8t7cqX59mhq96I_Ux5I1ILnSTTNskfeh1XMKbwd8pusXXg_x4hIxorgX8EXlYax7NmaK1BUBIokR_Cl6ZYrQrPQjVd7wh6sYx0Q1eE5NFEKisKEbIgZytok2xFzFoEOodyrTsdO79C0JklPYm1W0q9JUJat_Ws8iQHJSe6F-9olMBJpvnFwqGSQMGuIAuX69p_Es7394VBEcSDysIyUld2r0KuQWWvNIKG7Q1P1SQspjG923P8hektDXTA7IrIG2gvRwFK65b3PktfbtJ0qQWmQMph-AEAYAGqOuWt96llcOXAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTqACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMTYzMDM2MTEwMTA0NzkzMBi7q3Q&sigh=Z2rEHjHTFGo&uach_m=[UACH]&cid=CAQSSwBpAlJWbDSnsbT9o9bHG7D4ggj0KqH94Zx7_GvrBRypaLUunNMnKo1zQs_S2kQe6dVjVz51KEPAZdlcHUYAfeORie_v7UILmjQOzxgB&tpd=AGWhJmszMUJ7G-C3qW9-zxjzT3eCRxaPkrP_kzRtLJdpeb6C3W-Fn5ia5If_3Z1kf40VxSxLVE45YiXkg5XeDqCMFK_0y4EL01kxFidBLKZ5zJy6gF0cfNdE2jBUtIJlsyXKmEaNfmwpQ7affeuTPLbqpRoV7jGnRKQm3QAczlziLpP8Cm2SMzT7bBaVMdztL8YjX1R90FI1MjdJFhQU3RouYwajEzPfVCJJYFTeg-WtTMkFguPNjWJfL2ywLpRtuUl08xqBOH8Od6o88vKrLsgyonOD6y75QnqozXM3bssDE8Ms_SJSwUqXxKwTlL7urnZMr35JGBWSVJF4_-z8jWUdr4FwEK2WdRqe5MrfTcHXSJoeFBeLsRvvagUOXke3w2d3gGvlfv17rDG7C1JHlQV6BSaXpjfhh1lEeK_YP-YKHR28EHH9JkMFFTxwsRnbcBp6YZnPAqJgkTbeDcH3TCvOMIfUhOqsZIMLMey2dgmvi6z9L8kGNjPpsP72UIHzJlzdw0ibmdrWwi_m_c9awj2zW_fCRGOhiEqtYmI10LiiHM_oAIC4XWcHIsvR_M4aNIZL0TLjxlzWZqG0gPAWNuBDi4PesH19CroVoSSRRyuUnuw8YNFZTlKY0NAtrKkrGH6racwtxL3X-lhM4FIdAY6adfqPUCA7lAR19Na-656w7wxfoh22YM9uz54yRbxw2mCFnzycb3yJj6xdxHGOifKwRW4aUmIXTIG1sbq8DJzs-CACMWLc2w6SdT3W7sRtGxgokS5DwhcTzUd4JmZrGWei6uptLd_-riMN0Mwa_SMT5HHnNTt2WwtK1XljZhOgH1sJhTHYWb437TBqs_ZnL4UaM17lpbEgcgPwd4YervOXvEUmAl_tB70JKKTnG-IIFB4XWaLpDEzfpBTwWaicet7BcboZmPgzVd7UrQDP4lpWEHANsGjqRu9SkqIw539JAucGI3o8_P1cnu7JTNVhO55Gs_sp1lBqcVjybeRuW-yWMalpuCJjKjiq7FwKu33R3qO86oiQvjsAbWZtqHUMQh29789wbsvbk01J10h_-6VDdP8gd_0hRpf2RL0FemLuYjxLDk9Bq_QP4FcO19RWgpfptaNJhMAKThZIpBKTc9BUyZQArM-4XudxjRB14z6r2_v1eeb-3McF_hbCxCQ8SPjvViChPEu7qNxdVXMSQJv71O7AMV3SgNdMQmuhotWW5ClGFl5fPclqD1vIsgwrrROHT8juU4PXJZ8LAQ9xz-yPlu8LsM05rOc-grvqSPBF7VT1H8HTzMDFH4mkOIiolwLZbwZr_mUcK4tqlUIpega4WW4o4Xg2NXrVQCA98lh6sDckA9w1YBSEXba4NxMl2tfsETKcvoJY9PYrH2Cd_K9quG8WKd4mLTbvctYyWKuVad-qXvp3pq4xrvjz4-tdL5L5Wc7F1FNuNRWBE8y1wHql10gtwqIYM6ltyRc1PLjV51D-WmHIO8ef5y-RmmpzIpI1rnxweS4mIl5piPwoD4mtCwalIa1jdc3dPn9DLx5zJGDCAqeh4GgIWZEJldnllO3UY4RjKBlFsKIDxEZrJk1bLm-dvggioLckEKXr-8hJF3tecbX1DZzfhMgV0JHaHWrfngNn9y087i7bzK0FkJqbv-qznbTwJyNCjQghviaAKbZGkVC1jYsiu02W2Xy_pmjICBzr_F74MIWz1DlpOe8e2DhScfCgnIPMn1_OLa_T3JJbi0qvjJeF9GfiMDvmzqDOD_IF8dujEE5XVG-5PRgf0dzX1ggFFaWCasQ6wMcNvJ4JnokIPBhaaSWDXtfvCxijekLASxF4lGjT1lakZDeKMwloAPNwDdHTptMUBMeVdJhg-J2UD9jxwXhMKlIPO2IHamBGJQQnjOW8vWTzV8kh22F6Dg3IbQantizyqsT8D7c1a_5GlX12hcrZICl7ydsIHdm3KE-DGaKVUHF2RgMeLDsa2hf4QpLJXQIUJyyXBtkSXP9YUlUoB0-sbSIho6N4xNqolganSCqmRm1-6yPgDVrt6tByeb8yFpHvp65nLB_RUhfqn1bguyPgxEdiK68Utx-5926-sPTg3fczitp1yMrToZpfLGGolhS29Yor5cKCgSJ1RW9eWOqXS_kN-2Dd0AeJwKrHufoWir2MW_kw6qrB_9xtgzAy3gdSeprmLQ6q5nXcU5Pwxd_vyEcZZ2OgJpzJb2aZWlGgtQhM-NlvHzUhm02WLkefBzPEoRWVziuMnzjfY0qBuyBG0HYM411KPChFKWxiywKSwUTW02HMLsDOTb4MyyRfq8zBe6uh-leuhwVJ8tKTBp_Vlp8qnejhx6RhhnyFro5cv0Y6Dp4qmo3D0UWsMIEri4r-DIFuKTTKJho2WktBySwa3hs8vVtJR-tyrpW9qvYiOItxPIdmMxo6mQh_t5TPB9WwEhp3mam8BQaJCs9Wu1ZDGrHvgC2tODNcWkjg6CXYWpMtmajWS0FiMCv3JSJa8RYRu61X7lTZAU6JNYmqkZuC6iN9VOeXn3x764eWvUo3W2Y-1YqlFc9eDNHGZugt6RRhGPQvu5R-_98WkH9myzOH8IN8gQfCDZPWVc5PwE3jW2BMsPS9afn9Z_h0UerGovB4geEM6R-5DPS796PpXbc5HD9IKGC0odoIkdGJdsrqi9VREaPWEzjOUtBMPZNiwWTOIyJFEav_EFaOM4HD-ZzFInWKt7uUnzjQ-9-ylJiiZQqcMbWGtKmtppkuQ41FBzdXGENsh29tAZ7P-DeLQnfmX8MCNkhpRH40AB46-KIceL0z28WUd9kmQN0HdzcN2gueKl2wQGqGmKIIVWIY1wZmHlFHVBCyScgjHXD4zuGG4OT3NoawtzE0JDLV4jODt4NTQNaG1fIfuqzJoDBBnkQLC7lH69th5Xf1nx_6Ff6NPy-uwybniB4_FYOdBe3D4S_VXHqw1V6O7yhKMdtRxqN06MjIzsETw0ffoRfh1OWP0imoheL1sZBeyTRMgKOIiVS6aYEnm2XCTMjDrjh6mkgnFYFW5qrF_xFxqUxxA3tNxOzmo81-Of1bf4FcpuezhpfBNEc9NBx0bEJ7RkmSY9haFlCMabrjm0zypLLvhcS67TSNvZko13wQSVXO774-Y_QGiw6_S9u9ottoRjuNbooElWGZ_yFau7d7_mtuGXfkNxqP10PoaO1Jy4jcCRTCRZzjyhwnAAFb2ywiMWaRZXKkg8Kwl0VragPa4hjWtdlL8ZOC7z7NjMFuAnUNA2VT_v3-pA80y4BWWNQBAcFQRjA6S8dNsNZx56jat2wj2VnPAvJHM-C-6Op0O_EUMgvQQ0QpjRN6jVKhFAPXaF3hPBQn3hHoYq-eY5oA0mmACIRouj1stJkKdPdDk3W6P6zHxlc2nuBzwr8no0Y1HzgFbjpjlhZj1mT0NDeXMhMQK8ICUTxsf0hW5BtaKfROWdHer8Z4zMNfHlRtrisnBw_4HrkKksaVdz39I8sEx1mh0OX1oaoBRpJjXaa8aBlWhpCfdhCdnvSAekIkXqa8QkOJWO4DK7vCwaid4CgH7P0ll7KfADhuwMA_VRfacDeLLwDxZxPCLNxWuVKQ3U3B-BI1dPu_4vgIXvEWsAboV_eg8Ei5-YE83Z9frRoCndlQXEQqT-NYyIRYKHfdFzm_SJlRi-2DNc1vVSalN7fLuCco44T9VIBX_A4VBzZDJUZpjFuJpLB2BcpRqIboVzDWGV3szSY6Ssh7oAgaCbKp85o8x1lBuOCXHazSPVTpAlB67SsvDZSBJVYqzDiuZhfCigcLeGIdL6HqmDWWMB_AI7t02UBRd-_-s_FHHckTmt-QnFF7dnKBcY2mPpurpIh7q9lN18flh8dSgN19f5-dnnR83CRZfTgvgYjasODIT0EBaBNVHJS2dZXWRktlb-JHVoVtWLQ14i5zZFD-FujBG6gTP7ch4-q8lOJcUEdS5ccCsZKQPB7N-LZyohRn9ghPlew5nSyY0BpeNEJSZ1m8EbqfpM1KHXftvCC-_I9-gzRJBFa4F8CnZGOUfFWSDUv0yd6LfNUSi2UvMlzg3Z9_bj5nOX3riugGFrlie7rRAlRBiPMZMdyh-02kq9eJ-Vm7bHMa5yBHsY4SadweiZVJNUHNk5ADoNP_a4bfswssj5NQKfd1EsS0gfZbcmAN-GjSL9zVNCu3s5qzK_Zsscxrr4ltTs-HUD8hpEmzX5CdM4CRnzYhUxExDk2OPY-h5W8upkyNqep-fqQ5mwW0PRy6-QyJi_gUXZmfTWWVfH_x8bcfeIupXak9AvLrnmNRkdx6QZblmWFntAcHr9lQQ4fSNCwP1IwN3xjhYNK90ilVXfF3JcjxMCZGupkCUOhUy3GyTZOzUsGsksEu6AlILKCYuvWAPEISU53-7MvxEIIMuIirlogXA_4vRIfsIA1urldokpwwPELgNGR1fnOnSgWqgbR47_7R-acs1is8dswnOY9ufvn2dOuOkHQ0lpY4_MPKknajwF31kq1XnbaKiXr4pKYVUrD8qWYlrCS1JeBYaWza2zY2QyZWakiPV_zzNUt-2wFMpk5m_4GPWIcH_1OVD0c-WW5jeU6a8ijJq8YgwYCcX7jvGesk8omMaNOSKnF85ncgccGmPqmNyLDplSl27QjyNp-K9-UNf6z0yThaFUu-hzl6pJJic1JV6vHtnKRGCUfNn3CQQb8slDNvbUXOfgK2wnFmiVKyUc3B0x83TnHKTq6x0p_J_HiMM79WtVPlSaRoGxroQY0OiMkq046_-jltOfvNBulNc0-8ADua7KGhvFspf5euh6oVNVJYLoDTib5zNA-x7kf8lm7RlEzkNqMYS__WNWJd4CPTNYqGRoZy6XQnQUdL7nV1uUPVpGtkSM_My9XS4_EGOfUi1ob7GmVferZ9S8P7LDhPpuzoCBlkF3vxZ9m9LpanjW6DjGsAvIKjJxQKEFirbVnrf3CDQ1206cnVtvfE1PqQjeKCgLLp_n1cZz1ldt2Dd8KX5el64qZxqGAfFUyRy06fIS4SJVJPRauHKILhcstPAzRcpw3xH3SWnbo5AKkq0hSYujBRjdIDoI9eWNb1qtHF74w2O3FnuadsiBmDpFKBZHTJ-hAOENGwctpRBieT436oJfv8JexOeV3zjI9Wl0-Qs-1aTaedKIMnjRL19A5E5mQG1u3r_TeCifa5EU7oDvV7Au3knw1qR9ahpkcIUbcsOJMFae6EZmLPALQ8uqgcwBqr25IyGxCXfL4yYiPKLwKh675X38oBW_4z1eDDkRgTQtHk9ND_ikL56CsiYStH7UMNkfnyaZDdK6CBlj1ViDeJ_2D9J_XABREEhznEtG1OT42U8HZarIQeg7kQAovIQ8RM6Y3c9pe3v73eD8OLGXvnJAWb-v0nHscyL2TSiNTK6ucAVSA6-NMggSdUmx6QlcLpYLo0D29d0kQm1nkEdKc7uXuyqkUtT92C5OOrjvBg9wyIa_MPBcymv5HX7wvXz0M1wKi-xNeuCawXJJygOMQSQl_uLMZ5UWl0vOW9kh4JYn76RBe-Y8Fc6I9vozpS5JrSyY6EPTaWruRqfZRM8yeWx16CCTc53IkpALdTt9DXVFD0T_yZUUe-yrugroHAEUWqcepF7gAEpoDnnC3CktUWVr-6fQ_KCeZck8LFn_F_yK1235aI0KDid45UKQzdLCImM_zkhkHC-CtloJsXQT3nwfnFuVT8TfXJ5-rT4iDeDlmy6JaLUhAGQMGKyMmo7InrQXxS1l0nCHJGPg2D-TZyaCVm6Up_1qKf9UcQQuyGg4qPEBv4NIdLj4UFX6innCHBJuoiyQq4hbO1n7FQdIVi2egX1ZJJCh2lIGIRXjU4r0Y4QklDpCH26edHUCNp0fD7vHd2BIWO4Uf-10yG3k4GNGfVB9sBoVtJeFoQwxormSUcB-xfESvi_VQ6Kj1QQTqcONRYuBKQuZpn5q_yB_LhJxucV4QUAkupVbD6TXMnYEsYvlPMUaNWitVGrr_-89JNbPDr4XKAWxEHbim8peJfg73_0XmtrjnsSmfjb6TGlL88puEZNnBCjACL2ibE17vVs0o0jvGLlAiTMT7sjJgziVBCAtHNnYSU95W0qyF6I74HqRSRHQdKg8ttKodT83eknw7MLA74OYsEtHG_Zbdope5poTU8vhbFH7K1S8SpRLiCbDue1Z9h5ylRLX9Jh9gKAnXHG0RWuZsLrRf7Sf77cAMvifUpeoCo2v3pwKY2Fbvhs-ljizxnmRnrzyH6IWN3K7h8Thq1NKgnPqMEqbVK-HG2hWIY0s9k4BXSTTmp7pElyqUqbGS1MVrY41953hvU1h9FWJaCBmaubHZdw39l4DvbtDXJGd0SCTXFsHBwUyDyFyzVdeXrwcGEeX5zPNqM5tUzChbbavTSjKK5b8fOk6RUtxONZ6N_h-vpJqrh7vcA7fNa7z013xLpwqcnd_ysIxbxB3YB2nCb1Xp4A7LDvfJ4vbPxIErCGd80PLvb539Lbha5M2IAijLCi_FtuAAtxJ3fV0yjl1An0Cn-D3xP0-4b-eJhoQub-bn4cG6BIkkyqhT_ri6q7nN2NnBA7M364AU3T_ccU6GHFABzufzu8UqxudvfLEqvnwm3FzvGZETVoiVT5j8T-aFF4iEuKTsJlOm8uzAnVcmjvlwKT0pWGZ2w-ukVeJE1HwvVCsqyPnBYzDo3sPj1m-ekBB45bQ4CjA5EqlsavuwZZNwk9imNWy5H2_sj7NClK0LCjKPItRsotlT_S3DttG4AhL7jOpyqUqLxpNmYBn_jrl_Pw7WVQxVORb7HPHOTvLLXCCG4EaWVYucG9gFriA1f0gyIzZ0oen2qSViidOsU0gu7EISNZ7zeCZJ3x3BVzul3Tk_I4hwm6kc0Pf6ffi481LU_ofgGyQV-sf3OfHP95NI_asbGgQcIfE1X2Ej_AMtJlRsBjwG2ks9B75ILEqK6mWOGCWzjYHaPhqZsiGwSOeENsrymn49gl1KmZ00FzOryx8tOIW06b0D4JUl3ZXiLxmdrgd-WvmdfPTT7XkWL-wkYS6qQHp6bMZc0fx-jFO6LNZ4EPABtGKskYxPP28SH0XRTuUEUyZ0JhPuKLdIBp3SOB60aSMVBPIJD30Sevae3Fp7aULweYIL8IyFg7wQbwWihZsGntlfXSKGU9LdIfWvD3r2uhv1VGKVKkMhI0GSPZcKmjxrErgBnHIfx3HBKpIGodgUFSBPNGrileTveYDy-UrVZsla-NEvZ1aKHjpzpBcRQPH_7zK9KloOmETstnJLflvqtD3XLdYOaVF5HfGh7bt8k-g2qYzACtt4h28G04s3Yvn4SisUTnEGFdkZhRiYd_mMJNQjXv6OUuVBxWgqOLjEGPJUfvsSelvfTZ2Gw7FhJK5mpG858EOidZfzmIznJBVBrmrnc8PbmYKsJGCl8PG_z0lMEG08DMJyqKSZUAQ1uLY7QM2sQmY7gy9VVHgAZUbAH91j3YHM32FgRgtfX_iOMnhIZ3p1s_YMMPcZ0wDISF5LeWzy9nETRmBd5gtlnzDdRVbJNYzIgHAgwuYhQtPb3luBx64h0spn2UdXlCJWMJZCoiXx69rj1kNzGruq2ZNgo0Q5XN5PaXlaElOAcSq0H06Quh04Ehz9IBtWjdqkBj7_dh7Oj_2G7UQEFbGRPhNnQ8ChwEhgBlNwyAJ3a64G3bMcQQhxoBx7V2v4yQBE7yV6EplIDg7XsBrApbE7K6IPLBLx-obBofmoAAWy3ymUCpzR-WIgqCsu0M7Ugol6N2Oh8i4lp-3FStCh5sAMixPXvi1FxgprA2HLjWNcjbNHD0OpWNMW0-SVZfz353PBefstbYiGGAbifyzuSLmUW_I2RsiZ1FGd3B-ObNeAtAtC0CrR3Df1FXqFd6OnxJl5NSWPKKR6j5P2NyN6iwhsRbTiAFGYUlyPwcW_U4L6qzf8hgdvths_glRxk01RTBU-RAvHthZb8e1ygZB_czGop1JZfDAEOn7EN5rOqDttJ738DIsc1w_NcM7homOQmFgRPnWSVo-QZHjFa0kk1DoJ6DGzXIDIgQ8Kua6Lw7ttK52KKE0nlagGM1YxZWWXtCxn0KyVfUkSa_ypN2ZTIq_f8-oIK0fgqLGfTyWPxagrIxdn6RH8wIZouNETmsgTx3-4R2ITNUaCY9YX3v7X6wQuX9OhU1FDF4zNAz-5MhKruGzcGrx8Oz4nZFBnCBobL3gNMMG8VUKD_vqsJ8T22rEMs14lC0YkwXkMf86oPWpK8eJwCaUFvPBi1MYxCWtBjbtIiTyTOiDruXfqlXk0_rIZpKYZSUU287eQgsHG2Iz-U4-Yn4HlKkUElVSrVp6ExIWbQYsnC4o_ROVwfhdgNW4SAroEI0LcEAW2urckDneRQS_nTllMYc5ZnhHIUP82vBBb3pG0glaer6BKv5lL2BQfGsoYtM3vPF1lZBL8R14e_QoN6e9iAatXD3KYFoMHz4exFM3UtVg0hyRdFO9I3g5Ry53LkWVpgixdST7sDSb9NpYU6OPDBdbX2t84l_hbdxXg6VBtgASYdiyED_iodbj3EUpaanDtgje8E4B02cjDg4TeNrCSoUWfAkTiSaHZaeZ2z74bPsAgekMNrKNB-CUDI0lGNJuREFMO_0dKV4zrPIZueKEY&cbvp=2&vis=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.64.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s31-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PAbs09MF_pATXhzBKD-ZNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: script-src 'report-sample' 'nonce-PAbs09MF_pATXhzBKD-ZNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWaiPIMA9JjuFsxpfeV3zMyrnDlW0zodD06ViD7Ggw_9XbzHwY6Lfwns9f7gzUJ9SrlxapsLOTHu62VZsDA-MLyEcWLiJEm4gGDVYrZe6VUw_xMOm71b1-OKdK_IKJe8hCdAEfExQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-56UanxKG0xclcKLK-dcIig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-56UanxKG0xclcKLK-dcIig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWxtY8JIaA1LiEuWs1iMHChYTft97jOoqeBaCs-spDkGvqDGrZs2fm1HzEEXBJgkCVEdHZgoDbGBMJdQWZrLAQoEUvIhFh7P8wvxWkV8ezz3j3r1iY8kGwE_G90vCKFkLEVEObESA== Show response
fundingchoicesmessages.google.com/f/ 4 KB
2 KB 74ms
73ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWxtY8JIaA1LiEuWs1iMHChYTft97jOoqeBaCs-spDkGvqDGrZs2fm1HzEEXBJgkCVEdHZgoDbGBMJdQWZrLAQoEUvIhFh7P8wvxWkV8ezz3j3r1iY8kGwE_G90vCKFkLEVEObESA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkxODA4NjE3LDYzNzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS8ydng2Njc1YzV3a2Y5NXMvT21lZ2xlX2xvYWRpbmdfdmlkZW8tX0ZyZWVfRG93bmxvYWQubXA0L2ZpbGUiLG51bGwsW1s4LCJULUZEemVRdFI2YyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

a71a8b796c9ca3c36497776219dcccdf4353645bf796ae341452b975f544bfa8

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-b1a8bKlkFfjJtlr9SXHQXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-b1a8bKlkFfjJtlr9SXHQXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxW9OhqaYbuIJTt8urHznXbAQ-NlGUS7inXlqFkVR0E6WhvKY_Dc5JayLM0-C1dIxw1kKZnUdMmIvLkguVLvl_TcohVi6P6xmKqS4084UYjkCOUYWLD54LQTJdxYdTfakBz8smcrBg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 74ms
73ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW9OhqaYbuIJTt8urHznXbAQ-NlGUS7inXlqFkVR0E6WhvKY_Dc5JayLM0-C1dIxw1kKZnUdMmIvLkguVLvl_TcohVi6P6xmKqS4084UYjkCOUYWLD54LQTJdxYdTfakBz8smcrBg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkxODA4NjE3LDcxNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS8ydng2Njc1YzV3a2Y5NXMvT21lZ2xlX2xvYWRpbmdfdmlkZW8tX0ZyZWVfRG93bmxvYWQubXA0L2ZpbGUiLG51bGwsW1s4LCJULUZEemVRdFI2YyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

4a31f5f054b33a0703dbbe2d71dcdfdbbec556ebc233930f6ab9e06d5cef9aa8

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-CsbO8bU4ab7UxVO9aYNkeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-CsbO8bU4ab7UxVO9aYNkeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWCdrY7QtPq1LnsaXTnSneytbpRiHjmbPPYbnLZRuq9czWuxACXBFQYW-PrdIvfvCoHHlLIOL9PVaDTXqEL6oWIOPGAH7T6lZ-xLAQSQveazpI40az8adTPQ1LsZ4W2dr5AfJLV0g== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 75ms
75ms Script
application/javascript 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWCdrY7QtPq1LnsaXTnSneytbpRiHjmbPPYbnLZRuq9czWuxACXBFQYW-PrdIvfvCoHHlLIOL9PVaDTXqEL6oWIOPGAH7T6lZ-xLAQSQveazpI40az8adTPQ1LsZ4W2dr5AfJLV0g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkxODA4NjE3LDc5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzJ2eDY2NzVjNXdrZjk1cy9PbWVnbGVfbG9hZGluZ192aWRlby1fRnJlZV9Eb3dubG9hZC5tcDQvZmlsZSIsbnVsbCxbWzgsIlQtRkR6ZVF0UjZjIl0sWzksImVuLVVTIl0sWzE5LCIyIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

75cca64ef78b1e3def51ffafbd10aa1ef20bf3056548a48de0ec614dae7c9cc5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-y2LvtJq3nysVzuBTo_MYhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-y2LvtJq3nysVzuBTo_MYhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
45 B 46ms
45ms Ping
text/plain 142.250.65.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je3890&_p=610715742&cid=1193569433.1691808612&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1691808611&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F2vx6675c5wkf95s%2FOmegle_loading_video-_Free_Download.mp4%2Ffile&dt=Omegle%20loading%20video-%20Free%20Download&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.65.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s73-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVUJ2pWG9xcfpEgwkDpyX1Ow3RVnFvsFO2r3x0fyNONAVyT18CukOMMewek-D79cpunAXL4A3dTWwMtZ084VrmyPnBSHMXQ98HEcYDW_DeJ5Xaw1vtMoOl1XC4Q__SDwO3Z_XssmQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 54ms
54ms XHR
text/html 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVUJ2pWG9xcfpEgwkDpyX1Ow3RVnFvsFO2r3x0fyNONAVyT18CukOMMewek-D79cpunAXL4A3dTWwMtZ084VrmyPnBSHMXQ98HEcYDW_DeJ5Xaw1vtMoOl1XC4Q__SDwO3Z_XssmQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.142 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-N_27_mOAqbkyHgnLIiWY1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-N_27_mOAqbkyHgnLIiWY1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5D09 42 B
64 B 113ms
49ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7h6nK7Cj5CW-7oKUnFHqOr-n6_wmpNA-B5LGEj147xgGM0-Np2oKG7mcasiFTsggDL2KVzdeDvlOfYVKGK6QHgVUmjqUBMvKPebYn&sig=Cg0ArKJSzOjsqxn2iMUjEAE&id=lidar2&mcvt=1000&p=420,320,670,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230809&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=504956327&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1691808612905&rpt=4284&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 2EED 2 KB
3 KB 28ms
28ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=23760832&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: d21de028cdd89d37b6c5cef445662fb067ba46d05d78e79796684905ea4369fc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame DBF8
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=c3Z9WCaRXJBBFEK6nxsb1lYwDiI&gdpr=0&gdpr_consent=

42 B
300 B

31ms
31ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=c3Z9WCaRXJBBFEK6nxsb1lYwDiI&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:18 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Aug 2023 02:50:18 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=c3Z9WCaRXJBBFEK6nxsb1lYwDiI&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame CB83
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:YRRi7ETa1QuEHJ5&gdpr=0&gdpr_consent=

42 B
299 B

28ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:YRRi7ETa1QuEHJ5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Sat, 12 Aug 2023 02:50:17 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:YRRi7ETa1QuEHJ5&gdpr=0&gdpr_consent=
Pragma: no-cache
Server: PingMatch/v2.0.30-785-gcf3d607#rel-ec2-master i-022bdd170fe9c03be@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame E4FF
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
420 B

98ms
86ms

Document
image/gif

104.18.24.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.24.173 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7f5568fbaa50a1e6-YYZ
content-length: 43
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:18 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 7f5568fb099fa1e6-YYZ
content-type: text/html
date: Sat, 12 Aug 2023 02:50:18 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 3938

GET
H/1.1

200
OK

pbmtc.gif Show response
beacon.lynx.cognitivlabs.com/ Frame 8A96
Redirect Chain

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=83f29d8e-a354-4085-b109-2fae813b68ea&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC

42 B
489 B

36ms
36ms

Document
image/gif

54.225.185.242

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.185.242 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Length: 42
Content-Type: image/gif
Date: Sat, 12 Aug 2023 02:50:25 GMT
Server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
date: Sat, 12 Aug 2023 02:50:25 GMT
location: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6A28
Redirect Chain

https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent=
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw%26piggybackCookie%3D%23PM_USER_ID%26gdpr...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=

42 B
549 B

30ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:20 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 64AC
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

28ms
28ms

Document
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sat, 12 Aug 2023 02:50:19 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7F35
Redirect Chain

https://ums.acuityplatform.com/tum?umid=6
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=812464508980

42 B
287 B

29ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=812464508980
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:19 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Content-Length: 0
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=812464508980

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2EED
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1OYFBz1uS4a8ZQdKA6CovA%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

33ms
33ms

Image
text/html

23.77.173.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 23.77.173.8 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-77-173-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:18 GMT
content-encoding: gzip
last-modified: Tue, 11 Jul 2023 09:39:35 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=87373
accept-ranges: bytes
content-length: 5606
expires: Sun, 13 Aug 2023 03:06:31 GMT

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:18 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 2EED
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=D4E60507-3D6E-4B86-BC65-074A03A0A8BC
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f47a966-b427-4320-bc28-81b881249716&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%2C%2C

95 B
124 B

55ms
55ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f47a966-b427-4320-bc28-81b881249716&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%2C%2C

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:18 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:18 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=0f47a966-b427-4320-bc28-81b881249716&ttd_puid=3a3c754e-49da-4120-808f-90244ab39d1e%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H/1.1 403
Forbidden FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3A...
us01.z.antigena.com/l/ Frame 2EED 0
0 356ms
33ms Image
text/html 40.76.134.238
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us01.z.antigena.com/l/FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3AWUAJgUx%20D4E60507-3D6E-4B86-BC65-074A03A0A8BC&rnd=RND
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 40.76.134.238 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

GET
H2

200

xuid
eb2.3lift.com/ Frame 2EED
Redirect Chain

https://eb2.3lift.com/xuid?mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=

37 B
355 B

41ms
41ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif
date: Sat, 12 Aug 2023 02:50:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=7976&xuid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&dongle=u6nf&gdpr=0&cmp_cs=&us_privacy=
date: Sat, 12 Aug 2023 02:50:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sn.ashx
pmp.mxptint.net/ Frame 2EED
Redirect Chain

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R35CAB_10745C7CA_569779A6&r=https://pmp.mxptint.net/sn.ashx?ak=1
https://pmp.mxptint.net/sn.ashx?ak=1

43 B
266 B

37ms
37ms

Image
image/gif

38.68.201.140

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pmp.mxptint.net/sn.ashx?ak=1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

HTTP/1.1

Server

38.68.201.140 -, , ASN (),

Reverse DNS

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=-374813425; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:25 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=-374813425; includeSubDomains
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://pmp.mxptint.net/sn.ashx?ak=1
date: Sat, 12 Aug 2023 02:50:25 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 2EED 0
187 B 1118ms
32ms Image
text/plain 207.198.113.89

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.89 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:19 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2EED
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7333337892909792278

42 B
322 B

28ms
27ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7333337892909792278
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:18 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=7333337892909792278
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 6406 0
128 B 28ms
28ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame DC23 0
48 B 29ms
28ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:17 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 2EED 0
128 B 30ms
29ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:19 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 2EED 2 KB
2 KB 28ms
28ms Script
text/html 104.36.115.113
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=64418664&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9691891276a4b6ad0ef2da39b1dfc159f995fa8d309ba349115469b8b0cad637

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame A725
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU4ba08041be904fa589279f9421e44f32&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D

42 B
95 B

33ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU4ba08041be904fa589279f9421e44f32&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 168
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:22 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU4ba08041be904fa589279f9421e44f32&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
pragma: no-cache
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8076
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1691808622644
https://ad.turn.com/r/cs?pid=45&rndcb=108259672
https://sync.1rx.io/usersync/turn/2778506454670933063?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005

42 B
332 B

29ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Sat, 12 Aug 2023 02:50:23 GMT
ETag: RXde9aaf0bbb094020b81238649aac1cd1005
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-de9aaf0b-bb09-4020-b812-38649aac1cd1-005
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C331
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=dbaGYXGaAsW_N1pCb_PWZA

42 B
278 B

34ms
33ms

Document
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=dbaGYXGaAsW_N1pCb_PWZA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:23 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=dbaGYXGaAsW_N1pCb_PWZA
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame 86C9 43 B
369 B 1111ms
40ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Sat, 12 Aug 2023 02:50:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame EFD0
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7eef817a-c7f0-485d-bb82-8ef687d3ea3b

1 B
72 B

35ms
34ms

Document
text/html

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7eef817a-c7f0-485d-bb82-8ef687d3ea3b
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sat, 12 Aug 2023 02:50:22 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7eef817a-c7f0-485d-bb82-8ef687d3ea3b
strict-transport-security: max-age=15724800; includeSubDomains

GET
H/1.1 204
No Content pub
matching.truffle.bid/sync/ Frame 7FF3 0
0 1360ms
109ms Document
text/plain 162.55.120.196

General

Check archive.org

Show headers Download Go to

Full URL

https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.55.120.196 -, , ASN (),

Reverse DNS

Software

nginx/1.23.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Date: Sat, 12 Aug 2023 02:50:22 GMT
Server: nginx/1.23.3
Strict-Transport-Security: max-age=15768000

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame A1EA 43 B
279 B 1579ms
140ms Document
image/gif 195.5.165.20

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Sat, 12 Aug 2023 02:50:23 GMT
Vary: Accept-Encoding
X-adserver-worker: ragnarok-3e19922b441c@version_1.566
X-core-time: 1ms
X-server-arch: v2

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 103D
Redirect Chain

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7450950221899324102&uid=Q745095022189932...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7450950221899324102

42 B
95 B

28ms
28ms

Document
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7450950221899324102
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: max-age=33438
Connection: keep-alive
Content-Length: 154
Content-Type: text/html
Date: Sat, 12 Aug 2023 02:50:24 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7450950221899324102
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: Apache/2.4.6 (CentOS)
Vary: Accept-Encoding
X-Powered-By: PHP/7.3.33

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 711B
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:497B82719425476FA94697E20A366A4D&gdpr=0&gdpr_consent=

1 B
53 B

30ms
29ms

Document
text/html

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:497B82719425476FA94697E20A366A4D&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 02:50:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sat, 12 Aug 2023 02:50:21 GMT
expires: Fri, 11 Aug 2023 02:50:21 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:497B82719425476FA94697E20A366A4D&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2 200 insync
thrtle.com/ Frame 2EED 43 B
294 B 41ms
38ms Image
image/gif 18.233.70.253
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.70.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-70-253.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI OUR BUS UNI COM NAV"
date: Sat, 12 Aug 2023 02:50:21 GMT
content-length: 43
content-type: image/gif

GET
H2 200 sd
us-u.openx.net/w/1.0/ Frame 2EED 43 B
114 B 30ms
27ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=540245193&val=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:21 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Martin
crb.kargo.com/api/v1/dsync/ Frame 2EED 43 B
504 B 3208ms
36ms Image
image/gif 54.156.202.94

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Martin?exid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.202.94 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 12 Aug 2023 02:50:24 GMT
X-Accel-Expires: 0
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204 sync
sync.bfmio.com/ Frame 2EED 0
425 B 1160ms
34ms Image
text/plain 52.21.24.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=187&uid=D4E60507-3D6E-4B86-BC65-074A03A0A8BC&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.24.201 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Connection: keep-alive
Date: Sat, 12 Aug 2023 02:50:21 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2EED
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6509273573175081155

42 B
95 B

32ms
31ms

Image
image/gif

162.248.18.37
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6509273573175081155
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Server: 162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 12 Aug 2023 02:50:22 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:22 GMT
an-x-request-uuid: ba3a5c75-6506-4695-98fa-0d99e9d12285
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6509273573175081155
x-proxy-origin: 86.48.14.34; 86.48.14.34; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2BF7 0
0 109ms
47ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstIc361gGqMbGOdRsWp39W_icHtYJT_nZuX9Mtr5WlEOPuCz8Q9_v51LvUhTeGBzT-F3CVB-m2PyDsBwNniaMl2-ZSPm9xxEtPdCAvEJij_NAzd8d-N_ajdTxGaS6pkrTCyPKbMA6VPxeMvBYfY-xIDA1he4Gs9ECH72tccjRu7RbG9TA15r1s2bR9tb51hnwFFKknXOO5KC0UwAGL9vxVJlzrtBTkSupOyJBnu7PtwMQDZ9A4fQY9OqkoOwABynW6kwADzWoFwmbZfp96gUsaEuiM2xFRXI-BvA_58i-vk-OyQOZngpXyPOZP2hjuFzgumRPF9lKfItDTAsxM&sai=AMfl-YSnx0o97Xe-ibwMQq5M2ES-wjRxAnlad_0GVEVe1T2CxglNP-d-Lo_UHN7Cvznqy8QWhbv-sb-wm4AuY3jLzSg2XUJZFyGooIpwYzARTiUyMx-u5TRumPERct9qSXdReoG-yQ5AqyGZek5SnylR&sig=Cg0ArKJSzHkKhdtZtrnxEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 12 Aug 2023 02:50:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8E5F 0
0 76ms
49ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsufIybEhyFFMaWhTT2AaEC9OcyMFYizpkWSZWAjp0q6MJJoY0-0LQn3G9xbQI7yFhH_jOwxgz-1kVZuINhv9VYnH3_q4H8G8C0SS6HdJYA9omVvfhaFBdrUZwwerP9hi0TUbZyooYDDolmo3S6eZu-npQEw4YvGQqUq7Hnsv-NeZ6mB6SJIoRO21HwRSnMjFTlGI3YV0hGozgyeHnc6VI4osxen0r4EdeChzYKZq5hAhqj6T8sGpJ_gOxtNFNPgQZL6FZBt0RxXNAZeO5Eo_WsBNTTshtbbKmGqzkKhANF2klp3ziL57YcBrUr98xKzkNBA_Mvp8KvTB4mU6g&sai=AMfl-YTF3bEnO5rHo_bVuL5iaBZNJ1e_O84X27Wm52lx1wPdmyOfP3AqkRDh_HIKdf_nPV14wzmkBWext_RDhNU_qB_2k5FrfVhikB4zdGUelyTzb9xI1xjwdiZ0e4xbRxD3LwqmjPQ4pAqipZwjizdf&sig=Cg0ArKJSzMOLqhZ5Crg0EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 12 Aug 2023 02:50:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 077C 0
0 48ms
47ms Fetch
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss7TY-ssZeAeH6JoTft4i6reBF0XUhDYGzgMTSt8NW5wPwqjEobhOt2D1Jth_tsNd870gp01lLMJLYNEhr1JmX2RDx75nwkvxCfe9NnSBQJ6yRricRh-idt13ikGpuKCUxjukN85SxvCtCCV8w3y2kca8bRT7lvDsif2M8sLuXdBlEw2jfEPTzFg9hKZxpxob04RRxePWQxccABtBCSDfAs_OvwofZlmaJbVMh7RnbcWxNWXb3YwGd7dHz4jQlhOiN7nigGXecMirPLlme126y1bZekfKajDW-zwyUXMfbUYRysJGtPKxw7d7kF8VogzUwwNtUcbvN3X7nqvA&sai=AMfl-YQ51WcmHNcDHCl-QV-VLgjUKFgMDD4fTo0YROW7yhS4xhvCbCe-w1_zWqEvxdnPQGCM9eFmvetfe-cDb6Js9NV6dYWADj24EbjgtDHGP_ypAgXYLsTlsogLVSjj-gJ6yJNdrm37YsjqKrk9hIFt&sig=Cg0ArKJSzAMF5_0Il5K6EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 12 Aug 2023 02:50:21 GMT

OPTIONS
H3 200 log
translate.googleapis.com/element/ Frame 0
0 106ms
43ms Preflight
text/plain 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.106 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 12 Aug 2023 02:50:22 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
translate.googleapis.com/element/ 131 B
152 B 46ms
46ms XHR
text/plain 142.251.32.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.cxx1ue4THeQ.O/d=1/rs=AN8SPfpgtIztz1wQfUWXQbKcvAvK2rZngg/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.106 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f10.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Content-Encoding: gzip
Referer: https://www.mediafire.com/
X-Goog-AuthUser: 0
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/binary

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9E34 6 KB
3 KB 153ms
58ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=adtheorent01cont334144&js=pmw1&base=te-clr1-ec34fd84-18e6-4b29-b1e5-8eb6ccf6bbec&plc=tr

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334144&w=300&h=250&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

9dc89e5b713b73f0381a206011373971e839045d008a2c521885f1dbe09d1cab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2235
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: zN2HewuHR0581y1RP6mHEIfwnn7f55FNFcWHbzYbi4g1YRenPeaOgQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9E34 38 KB
12 KB 133ms
39ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=adtheorent01cont334144&js=pmw2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 18:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
age: 30845
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: CI0Kl5IBg-LvT_QWExkUtYeSgbkFiEXhNe5weq6fB5qPzKQH8MIWbA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 9E34 43 B
1020 B 156ms
62ms Image
image/gif 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=1e16

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: bQuMiHGzcuQOwWuJ-u25P5kqiV9yheo6PY7Cjpz7uUWfpUGPH0Q7eQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C9FD 6 KB
3 KB 114ms
56ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw1&base=te-clr1-82bbc3b7-6e33-419f-b714-e39106e1b146&plc=tr

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

9247b3426b30ec2273d58b8c415757e1fceda5d6532a60de0b585c0bb0eec8ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2231
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: Xt-GcpMad_KjAEOdzQM3YOQEd_5ZodmoOb6A6BZbTEWaVR8bjKe36w==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C9FD 38 KB
12 KB 105ms
47ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 10:26:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
age: 59047
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: lVLlBdnekGmCQDFC2Gh-Qh6YX5IuDQ_rY5RISPL84WpWTisUAIhtBg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame C9FD 43 B
1021 B 117ms
59ms Image
image/gif 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=ebf4

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 6q2ZA7j3YgXYE_KzQ7xb71XRZyryFLIbg4rD6fKqeio_0CLpMlLCEw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 8BB3 6 KB
3 KB 81ms
57ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw1&base=te-clr1-82bbc3b7-6e33-419f-b714-e39106e1b146&plc=tr

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

9247b3426b30ec2273d58b8c415757e1fceda5d6532a60de0b585c0bb0eec8ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2231
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: HPd2wXAakHe0IeawEQ4KtZd9PFVlv-CfNmRox9l269KggXBU3i-gjg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 8BB3 38 KB
12 KB 77ms
54ms Script
text/javascript 108.139.29.37

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=adtheorent01&aid=adtheorent01&cid=12483&c=adtheorent01cont334143&w=728&h=90&js=pmw0&plc=tr&uid=08cf3de0c6ac4a825de489216705c8d4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 10:26:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
age: 59047
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: gtCkIes47cnaL_kyggdhKh1GSYix7afAOiHOgzve98L2lQulcWtTzQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 8BB3 43 B
1020 B 83ms
61ms Image
image/gif 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=7032

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.29.37 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P2
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 6Mp5j2B7g1uK3Nxk5G2td8DNkPNT_W1L8tVUrQpnnGr-vnmI3vGVkw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
234 B 2242ms
388ms Ping
image/gif 142.250.206.99

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~ll7f63z4&ctx=0&met.9=1.tg~2.w0&met.3=112.52c_1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.206.99 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:24 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame C9FD 457 B
797 B 34ms
34ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: 69ez6N2Iky81Cg4vE_0AcbGsi53Uk3PcGiZbp6_332LEDszMz-AQkQ==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 8BB3 457 B
797 B 34ms
31ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: AtXGL-ySaBf6iFMMi2eQh4tNm07ko4liskEcTHeW32odqNxyQRHq_A==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 9E34 457 B
798 B 33ms
32ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=adtheorent01cont334144&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: TaAMMyzC24T00SzVxd5-2dpdis3LGVvuuhrXos_p5-MIDPHDrXPrPg==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 23BA 457 B
798 B 33ms
33ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: E5UllfXsokDiDFHAXgsDyjIcjinJC8rau-5wqYk2_1OZTGbV1V_omQ==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2BF7 42 B
64 B 46ms
46ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsswffu0QiPUqhrwU8vIxXGDwVBkeD47SVyWsHKkn2CMXoagMYT_m1EjH_DElgUlifzsJOY8dmMJWTJf38ljOF-K6OUmU44IYZZl5l_O1bnxLfRzIEvB&sig=Cg0ArKJSzG_RCaknevCmEAE&id=lidar2&mcvt=1004&p=120,320,370,620&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230809&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1218337638&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1691808612821&rpt=8949&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 71D7 457 B
797 B 32ms
32ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: ibt4_Qu4Ev8D9YLA-514Vr7KlSw3-fA2eUnxY0Jq4y1nt3RQzqH7_g==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 66BA 457 B
798 B 34ms
34ms Image
image/png 108.139.29.37

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarkermobile-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=adtheorent01cont334144&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.37 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: public
date: Mon, 17 Jul 2023 18:12:00 GMT
via: 1.1 45c692e896f6d5351f0f0a998ed4f588.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: JFK50-P2
age: 2191102
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 457
x-amz-cf-id: 8N-VjIPB0Q8VysQ0ryq8_EDvTm7flel5oRmfXaWqvwvcNHkw2M8eNQ==
expires: Wed, 16 Aug 2023 18:12:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8E5F 42 B
64 B 46ms
45ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuSt1EEyngjZPgqPM27dy9Ge-Hsh_tL2hRxa3rQPMtCaOebk1ZSBasU-IDfMPad-VdabBkECgOCyvb9IJY5rJaeQZkJJEhyuDPY1olz1ROExgeo74tj&sig=Cg0ArKJSzAKolCT14YBmEAE&id=lidar2&mcvt=1001&p=1095,430,1185,1158&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230809&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1742890523&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1691808612970&rpt=8837&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 077C 42 B
64 B 46ms
46ms Fetch
image/gif 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVq4gJi0Pn_ASMTFDP9g7v0YYsbEgMcvPBSmZLjtAy9MSFKfnRk-Xlhg6X7k2uR_53zvojk2Eq9saX-Z-zrKXzLY4Q8_2cEfSz7bdkS1lHkRgK4UIU&sig=Cg0ArKJSzH4n4tNrmbXkEAE&id=lidar2&mcvt=1000&p=10,552,100,1280&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230809&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=573839204&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1691808612863&rpt=8979&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 2EED 0
128 B 29ms
29ms Script
text/plain 162.248.18.34
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:23 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 rt=ifr Show response
bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%23... Frame 51F5 2 KB
2 KB 65ms
64ms Document
text/html 54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/4545/cc_af.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 01b792e7e27d844ce1dc095fbf2f4dc20e69b673683ff2475bdc93898a81f1ed

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache
content-length: 1688
content-type: text/html;charset=utf-8
date: Sat, 12 Aug 2023 02:50:25 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.40.47.122

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 55ms
55ms XHR
application/json 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308090102&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

be2de8a131b3ce2d99a572a1bd3daa2336f83cb748d33cbda540f8d944b3c487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11547
x-xss-protection: 0

POST
H2 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
191 B 52ms
51ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
content-type: application/json

Response headers

date: Sat, 12 Aug 2023 02:50:25 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.mediafire.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7f5569280eec36c0-YYZ

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 55ms
55ms Script
text/javascript 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308090102/pubads_impl.js?cb=31076971

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 02:50:25 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 51F5
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0
https://ups.analytics.yahoo.com/ups/58736/cms?partner_id=LOTME&gdpr=0
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-wO59MpFE2py6qLAP.sbbIQdxa9xDP5TEDas-~A&gdpr=0

49 B
264 B

39ms
38ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-wO59MpFE2py6qLAP.sbbIQdxa9xDP5TEDas-~A&gdpr=0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.3.239
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-wO59MpFE2py6qLAP.sbbIQdxa9xDP5TEDas-~A&gdpr=0
date: Sat, 12 Aug 2023 02:50:26 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

gdpr_consent=
sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=0f47a966-b427-4320-bc28-81b881249716/gdpr=0/ Frame 51F5
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=0f47a966-b427-4320-bc28-81b881249716/gdpr=0/gdpr_consent=

49 B
264 B

44ms
43ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=0f47a966-b427-4320-bc28-81b881249716/gdpr=0/gdpr_consent=
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.47.57
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:25 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=0f47a966-b427-4320-bc28-81b881249716/gdpr=0/gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 249

GET
H2 200 5907
tags.bluekai.com/site/ Frame 51F5 62 B
359 B 222ms
211ms Image
image/gif 104.107.25.203
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/5907?limit=0&id=7079a8b72e6aa91dfe17f41f9376bb80
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.107.25.203 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-25-203.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Sat, 12 Aug 2023 02:50:26 GMT
content-length: 62
content-type: image/gif

GET
H2

200

rand=474985345
sync.crwdcntrl.net/map/c=281/tp=ANXS/tpid=6509273573175081155/gdpr=0/ Frame 51F5
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D281%2Ftp%3DANXS%2Ftpid%3D%24UID%2Fgdpr%3D0%2Frand=474985345
https://sync.crwdcntrl.net/map/c=281/tp=ANXS/tpid=6509273573175081155/gdpr=0/rand=474985345

49 B
265 B

39ms
39ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=281/tp=ANXS/tpid=6509273573175081155/gdpr=0/rand=474985345
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.44.154
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:25 GMT
an-x-request-uuid: 4b0bf5f7-2b61-4fab-8d16-6ecec554769b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://sync.crwdcntrl.net/map/c=281/tp=ANXS/tpid=6509273573175081155/gdpr=0/rand=474985345
x-proxy-origin: 86.48.14.34; 86.48.14.34; 575.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

tpid=3a3c754e-49da-4120-808f-90244ab39d1e
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 51F5
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=1981ee695b2b84cbb6bd3e699424e366&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftp...
https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D3a3c754e-49da-4120-808f-90244ab39d1e%252Chttps%2525...
https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6509273573175081155&pt=3a3c754e-49da-4120-808f-90244ab39d1e%2Chttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%25...
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=3a3c754e-49da-4120-808f-90244ab39d1e

49 B
263 B

39ms
39ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=3a3c754e-49da-4120-808f-90244ab39d1e
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.6.16
content-length: 49
expires: 0

Redirect headers

date: Sat, 12 Aug 2023 02:50:26 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=3a3c754e-49da-4120-808f-90244ab39d1e
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 usersync
pixel-sync.sitescout.com/connectors/lotame/ Frame 51F5 0
187 B 74ms
48ms Image
text/plain 207.198.113.89

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/connectors/lotame/usersync?gdpr=0&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID%2Fgdpr%3D0
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.89 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 12 Aug 2023 02:50:25 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 51F5 170 B
188 B 52ms
49ms Image
image/png 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=MTk4MWVlNjk1YjJiODRjYmI2YmQzZTY5OTQyNGUzNjY&gdpr=0

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.162 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

tpid=3903d6a14a5d11f070e291db4989000e
sync.crwdcntrl.net/map/c=10832/tp=TRUP/ Frame 51F5
Redirect Chain

https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP
https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=3903d6a14a5d11f070e291db4989000e

49 B
264 B

40ms
39ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=3903d6a14a5d11f070e291db4989000e
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.12.16
content-length: 49
expires: 0

Redirect headers

date: Sat, 12 Aug 2023 02:50:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-length: 142
x-xss-protection: 1; mode=block
pragma: no-cache
to-dmp-sync: s1b-dmp-use1-aws.truoptik.com
server: cloudflare
user-agent: Tru Optik DMP 1.3.1
x-frame-options: SAMEORIGIN
content-type: text/html
location: https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=3903d6a14a5d11f070e291db4989000e
access-control-allow-origin: *
cache-control: no-store
cf-ray: 7f556928c95336b4-YYZ
expires: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 51F5 170 B
188 B 50ms
49ms Image
image/png 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotameddp&google_hm=MTk4MWVlNjk1YjJiODRjYmI2YmQzZTY5OTQyNGUzNjY&gdpr=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.162 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame 51F5
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=lotame&gdpr=0
https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-73767d58-2691-5c90-4114-42ba9f1b1bd6$ip$86.48.14.34&gdpr=0&gdpr_consent=

49 B
264 B

39ms
38ms

Image
image/gif

54.85.119.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-73767d58-2691-5c90-4114-42ba9f1b1bd6$ip$86.48.14.34&gdpr=0&gdpr_consent=
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=4545/rand=956275726/pv=y/int=%23OpR%2341329%23mediafire.com%20%3A%20Total%20Site%20Traffic/int=%23OpR%2341330%23mediafire.com%20%3A%20Site%20Section%20%3A%20file/adv=%23OpR%2342598%23Referral%20Site%20%3A%20/rt=ifr
Protocol: H2
Server: 54.85.119.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-254.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 12 Aug 2023 02:50:26 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.4.180
content-length: 49
expires: 0

Redirect headers

Location: https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-73767d58-2691-5c90-4114-42ba9f1b1bd6$ip$86.48.14.34&gdpr=0&gdpr_consent=
Date: Sat, 12 Aug 2023 02:50:26 GMT
Connection: keep-alive
Content-Length: 165
Content-Type: text/html; charset=utf-8

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A179 13 KB
5 KB 32ms
30ms Document
text/html 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 244064
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 09 Aug 2023 07:02:42 GMT
expires: Thu, 08 Aug 2024 07:02:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1501 831 B
987 B 56ms
53ms Document
text/html 142.250.81.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.228 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f4.1e100.net

Software

GSE /

Resource Hash

6617d478a8c27a2bcd49206829ce59edc737d35d562a64155429ad4f90317e53

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TPPa01NUNMK3tcrDiRsbEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 531
content-security-policy: script-src 'report-sample' 'nonce-TPPa01NUNMK3tcrDiRsbEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 12 Aug 2023 02:50:26 GMT
expires: Sat, 12 Aug 2023 02:50:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 jV9FxWrWuOZCJw0aisMe6ECIXrejCp7-1an5KoHTGso.js Show response
pagead2.googlesyndication.com/bg/ Frame A179 37 KB
15 KB 36ms
35ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jV9FxWrWuOZCJw0aisMe6ECIXrejCp7-1an5KoHTGso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

sffe /

Resource Hash

8d5f45c56ad6b8e642270d1a8ac31ee840885eb7a30a9efed5a9f92a81d31aca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 11:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 140191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14662
x-xss-protection: 0
last-modified: Mon, 07 Aug 2023 12:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Aug 2024 11:53:55 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1501 0
0 46ms
45ms Image
text/html 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308090102&jk=81814686157749&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s38-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A179 0
10 B 40ms
40ms Image
text/plain 142.251.40.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?89he_w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.193 Newark, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s38-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 02:50:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 47ms
46ms Image
text/html 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308090102&jk=81814686157749&bg=!GBulG0_NAAaiGN5Pghg7ADkAdvg8WnxnSWE7F_s-4BufJ_SDwUeHA99gWtuOTwbraH5pkap7WLGn7AFKMfWDCsQ01azocR4ys0YCAAAAclIAAAAJaAEHCgCLfaL57BxAuZW0KP3pYexI0V8gzH0laYQUW8SF1-WS2lniteEzZKUpu8gQJyY3NiNZ8VaRaUhAgk1jDwy63gpmfKHvbrMwN3j6e6O38G9XrY405VRtwKsY8heaGsJRiWrbuuLorPyypw-hQb0i917bux9BlAX9wT7RtZSdeyFUiT87LvuXomYhQu1FtpkCxLPm6DgH9d7pYeOKZfIbXKN8hQKVnKyqg0ZeDmg76RNrYpFTVsc9TpUKGSvNw6Ar6woyPu4ABJgK1QE0BxJT3ia3BuGw9FuaLEEqPTJpy-QCSsbh3ETgywPCXxYew7ZJ86da6k2SEQpVwkIG622YkWjX6SoCXZ_BLr7tVdazYgvG6q9fugW8_OB5U462F6qaj4KUa1lqUJKuCdoyi9z-cahtnK-47lh87FgqnwX_1cm_bRht3WxhlHxsgAzYWlZQHGQUke0cKWU-JuKHhGl46ZlKTX8qip7Tzo5YDZJMc5izq9hRWfEb9pOYo9V-8LrpUXOwWauK1mHPnayj4bxUi4e47KcAStEnM1sdGDbNHnwPaQPVp8sOk0VvJNmJANlVKjJ7Z3aadP-i9HnvweWBaUB0m0HR96PFgfaKKhvXZxtXAcdhjAFnt-J5X-Uz-j_bVFmImmyTLg6ZxKByX5TOnGdegDVGXOfPm7k5vypVTOo4pF0xA2QfXIidcTPZcQzUOeTbM9ZQN7S0glb5MRzeFl_0oBme9Bg_EBwe7XGLgLRBc4XtoAr5zmnYqpru0v-TqX7kZcivQYTeYU3P-4HyiT_QHyWHRKPFdw_7F8LuuyB725RNO5PoiS4a_AwlG7ubOJTbcJAr1g-AbHnSh8D2I1WjlEBlwW7aJktNBucPtrzrmk89B2xmiF_HihSb6niUo56lpvVXZwrOlXp91inM6kIIYueVHgoJJjd19lOCJcAyG7NNgFra2CBlIxSMjREGAJWhGCJpNFQQ4EQ1m8FC-K38hZWUzVIckwzw5UqbZmk8td5T8zlj8SToKa3MGWt1fBYkx9kvc1FDDitPtrB3AFLzQGf_DPjS4YL0mw8_mIifZNyBNQartPSx8orqF2Ed4DJdNckD_Ntgn0la9ocBVAL_Zw6p267jBAn1PHaRgSXKDbFgkw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.194 Newark, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s38-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

POST
H2 204 greenoaks.gif
g.ezoic.net/detroitchicago/ 0
69 B 36ms
35ms Ping
text/plain 50.16.223.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYWYxNzBmNzAtYzliZC00MDNmLTVkNmMtYTgwNWVlY2ZkMGJhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTY5MTgwODYxMSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjMtMDgtMTEifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI1In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjQyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImFmMTcwZjcwLWM5YmQtNDAzZi01ZDZjLWE4MDVlZWNmZDBiYSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE2OTE4MDg2MTEsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImFmMTcwZjcwLWM5YmQtNDAzZi01ZDZjLWE4MDVlZWNmZDBiYSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE2OTE4MDg2MTEsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiYWYxNzBmNzAtYzliZC00MDNmLTVkNmMtYTgwNWVlY2ZkMGJhIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTY5MTgwODYxMSwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19XQ==
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.16.223.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-223-119.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: https://www.mediafire.com
x-middleton-display: ezp_sol
date: Sat, 12 Aug 2023 02:50:27 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
expires: Fri, 11 Aug 2023 02:50:27 GMT

POST
H2 204 greenoaks.gif
g.ezoic.net/detroitchicago/ 0
62 B 36ms
36ms Ping
text/plain 50.16.223.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiI1MyJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMjEyIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiIzNyJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiIxNDYifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiIyODgifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTQ1NzkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiI0MDYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjQwNiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImFmMTcwZjcwLWM5YmQtNDAzZi01ZDZjLWE4MDVlZWNmZDBiYSIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE2OTE4MDg2MTEsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfV0=
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.16.223.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-223-119.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: https://www.mediafire.com
x-middleton-display: ezp_sol
date: Sat, 12 Aug 2023 02:50:29 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
expires: Fri, 11 Aug 2023 02:50:29 GMT

POST
H2 204 greenoaks.gif
g.ezoic.net/detroitchicago/ 0
62 B 36ms
35ms Ping
text/plain 50.16.223.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJhZjE3MGY3MC1jOWJkLTQwM2YtNWQ2Yy1hODA1ZWVjZmQwYmEiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNjkxODA4NjExLCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfV0=
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 50.16.223.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-223-119.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: https://www.mediafire.com
x-middleton-display: ezp_sol
date: Sat, 12 Aug 2023 02:50:26 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
expires: Fri, 11 Aug 2023 02:50:26 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: id5-sync.com
URL: https://id5-sync.com/api/esp/increment?counter=no-config

Verdicts & Comments Add Verdict or Comment

341 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

155 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
.mediafire.com/	1970-01-20 23:32:48	Name: ukey Value: lgi8njijvadgdmfr7nnv09d9g4wb6lvs
.mediafire.com/	1970-01-20 14:01:07	Name: 2v1a Value: 1
.mediafire.com/	1970-01-20 13:56:50	Name: ad_count Value: 1
.mediafire.com/	1970-01-20 14:40:00	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-51%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%222vx6675c5wkf95s%22%2C%22mf_term%22%3A%22bc685a055fb469f400be77f78247dc21%22%7D
.mediafire.com/	1970-01-20 13:56:50	Name: __cf_bm Value: TRzuzUc8UAapKt5mchQ8r8HGjarGu3m9TsC.gtBXIN4-1691808611-0-AWJVHZ/LUHFTBA8vL24C6aDNU4NkOM8fkuSzwlashC7ryQIN4GDQ/WxRts2/0SFHtlZl4rQiEA9xfEyfJweMXP4=
.mediafire.com/	1970-01-20 13:56:50	Name: ezoadgid_484470 Value: -1
.mediafire.com/	1970-01-20 13:56:55	Name: ezoref_484470 Value:
.mediafire.com/	1970-01-20 22:42:24	Name: ezosuibasgeneris-1 Value: 0656a286-ba74-4bb0-7cac-8868e3fdc3ff
.mediafire.com/	1970-01-20 13:56:55	Name: ezoab_484470 Value: mod1
.mediafire.com/	1970-01-20 13:56:50	Name: ezovid_484470 Value: 203565382
.mediafire.com/	1970-01-20 13:56:50	Name: lp_484470 Value: https://www.mediafire.com/file/2vx6675c5wkf95s/Omegle_loading_video-_Free_Download.mp4/file
.mediafire.com/	1970-01-20 13:59:41	Name: ezovuuidtime_484470 Value: 1691808611
.mediafire.com/	1970-01-20 13:56:50	Name: ezovuuid_484470 Value: 061fc493-7e71-4d5f-7dbe-0daac5096513
.mediafire.com/	1970-01-20 13:59:41	Name: active_template::484470 Value: orig_site.1691808611
.mediafire.com/	1970-01-20 13:56:50	Name: ezopvc_484470 Value: 1
.mediafire.com/	1970-01-20 13:58:15	Name: ezepvv Value: 0
www.mediafire.com/	1970-01-20 13:59:41	Name: ezstandaloneuser Value: false
.mediafire.com/	1970-01-20 22:42:24	Name: amp_28916b Value: ASLU_xyDs7n1-vob6871Xn...1h7jqdfe5.1h7jqdfe6.0.1.1
.mediafire.com/	1970-01-20 13:58:15	Name: _gid Value: GA1.2.1302994950.1691808612
.mediafire.com/	1970-01-20 13:56:48	Name: _gat_gtag_UA_829541_1 Value: 1
.mediafire.com/	1970-01-20 23:32:48	Name: _ga Value: GA1.1.1193569433.1691808612
otnolatrnup.com/	1969-12-31 23:59:59	Name: IKSR Value: {}
otnolatrnup.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
otnolatrnup.com/	1970-01-20 23:32:48	Name: IUID Value: 9d9d5acd-105d-470e-9b7b-9f61880cfdb6
otnolatrnup.com/	1969-12-31 23:59:59	Name: ISSH Value: 6D38E6
otnolatrnup.com/	1969-12-31 23:59:59	Name: VMI Value:
otnolatrnup.com/	1970-01-20 23:32:48	Name: CHN Value: #[]
otnolatrnup.com/	1970-01-20 23:32:48	Name: MSSH Value: #{}
otnolatrnup.com/	1970-01-20 23:32:48	Name: MSRH Value: #{}
otnolatrnup.com/	1970-01-20 23:32:48	Name: ILP Value: {"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2023-08-12T02:50:11.8819946Z"}
otnolatrnup.com/	1970-01-20 23:32:48	Name: ILPLU Value: #8/12/2023 2:50:11 AM
otnolatrnup.com/	1970-01-20 23:32:48	Name: ILEALC Value: #8/12/2023 2:50:11 AM
otnolatrnup.com/	1970-01-20 13:57:03	Name: ILMPF Value: #True
otnolatrnup.com/	1970-01-20 23:32:48	Name: IPMPLU Value: #
otnolatrnup.com/	1970-01-20 23:32:48	Name: IPMUID Value: #
otnolatrnup.com/	1970-01-20 23:32:48	Name: BSWUID Value: #
otnolatrnup.com/	1970-01-20 23:32:48	Name: IBL Value: #[]
otnolatrnup.com/	1970-01-20 23:32:48	Name: ISH Value: #{"101":[{"SId":"6D38E6","D":"23/8/11T19:50:11"}]}
otnolatrnup.com/	1970-01-20 23:32:48	Name: ISH_Q Value: #[101]
.mediafire.com/	1970-01-20 22:42:24	Name: cf_clearance Value: MCxQetC9UdRO6EDpORkYfUVAxtYnc41KaSHBjvYAcyo-1691808612-0-1-51044509.866ed45a.6051ae9-0.2.1691808612
.sharethrough.com/	1970-01-20 14:40:00	Name: stx_user_id Value: f2b5a372-93c6-4d44-acbf-08d1bee4e61d
.crwdcntrl.net/	1970-01-20 20:25:33	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 20:25:33	Name: _cc_id Value: 1981ee695b2b84cbb6bd3e699424e366
.crwdcntrl.net/	1970-01-20 20:25:36	Name: _cc_cc Value: "ACZ4XmNQMLS0MExNNbM0TTJKsjBJTkoyS0oxBvItTYxMUo3NzBiAIOXa5xQQDQUAXgALVg%3D%3D"
.crwdcntrl.net/	1970-01-20 20:25:36	Name: _cc_aud Value: "ABR4XmNgYGBIufY5BUhBAQAgGAKS"
.mediafire.com/	1970-01-20 20:25:36	Name: _cc_id Value: 1981ee695b2b84cbb6bd3e699424e366
.mediafire.com/	1970-01-20 13:58:15	Name: panoramaId_expiry Value: 1691895012484
.mediafire.com/	1970-01-20 13:58:15	Name: panoramaId Value: 44b27bd81aa6654ce8887d6d0495a9fb927a49eecf4e37c97a9b8fb3d8d95d9c
.mediafire.com/	1970-01-20 13:58:15	Name: panoramaIdType Value: panoDevice
.openx.net/	1970-01-20 22:42:24	Name: i Value: b091e76f-6114-4da5-9b4d-6ebc0d0d3ec9\|1691808612
.mediafire.com/	1970-01-20 23:18:24	Name: __gads Value: ID=b1e8c455a0e30cfd:T=1691808612:RT=1691808612:S=ALNI_MaigaT6RRdtop4q0FK_g0HgsNM4Ig
.mediafire.com/	1970-01-20 23:18:24	Name: __gpi Value: UID=00000d8a859f4967:T=1691808612:RT=1691808612:S=ALNI_MYuBGPYklCBq05Gi7Z7xK1zV15AOg
.mediafire.com/	1970-01-20 23:32:48	Name: _ga_K68XP6D85D Value: GS1.1.1691808611.1.0.1691808612.59.0.0
.doubleclick.net/	1970-01-20 23:32:48	Name: IDE Value: AHWqTUlZx_fVXa0lfHz54GkWaRMlph4ax5qSx6jVfswpgTShwwzuvQ4T2pIwL_6eo6o
.criteo.com/	1970-01-20 23:18:24	Name: uid Value: 68ec1a45-4112-4d0d-b841-df8394c0f20d
.mediafire.com/	1970-01-20 23:18:24	Name: cto_bundle Value: Iw3uh18zSDkyTWFCcWRvOFlaaFdPYVZ0Tk01VEg5QXQyemNYMFVjc1VFSnJNNXlpSG9CU3Q3NW5LZmFvalNYJTJCNXdzdjlBWVMwTEY0cUFPJTJGVHhZclFGN0theHMlMkJ3SXJpamdIdnJxaFptMGFDT0JBazNhZE5QOU5CSjhZdXFsJTJCRXlBS1Mwc2RVZTBEM3olMkZrZDFUU1dCTWFPRVFRJTNEJTNE
.pubmatic.com/	1970-01-20 22:42:24	Name: KADUSERCOOKIE Value: D4E60507-3D6E-4B86-BC65-074A03A0A8BC
.yahoo.com/	1970-01-20 22:42:46	Name: A3 Value: d=AQABBGXz1mQCELZRftwdSjdGWg10v2DbB80FEgEBAQFE2GTgZAAAAAAA_eMAAA&S=AQAAAhgbsjF7pylAGQnrI-qcF7I
.media.net/	1970-01-20 22:42:24	Name: visitor-id Value: 3348102148992256000V10
.adentifi.com/	1970-01-20 23:32:48	Name: adtheorent[cuid] Value: cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd
.bidswitch.net/	1970-01-20 22:42:24	Name: tuuid Value: 8c1fa4d4-d86f-4c58-b47d-bc009fd65439
.bidswitch.net/	1970-01-20 22:42:24	Name: c Value: 1691808614
.bidswitch.net/	1970-01-20 22:42:24	Name: tuuid_lu Value: 1691808614
.pm-serv.co/	1970-01-20 22:42:24	Name: visitor-id Value: 3348102148992284000V10
.go.sonobi.com/	1970-01-20 14:40:00	Name: __uis Value: c05c2308-1beb-44b3-94bf-f9ad2dcc55ea
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s86167\|ZNbza
.mfadsrvr.com/	1970-01-20 23:32:48	Name: c Value: 1691808614
.mfadsrvr.com/	1970-01-20 23:32:48	Name: tuuid_lu Value: 1691808614
.mfadsrvr.com/	1970-01-20 23:32:48	Name: tuuid Value: ae35350f-54ef-4faa-aa35-923f5bed90ca
.krxd.net/	1970-01-20 18:16:00	Name: _kuid_ Value: PutsrCJr
.mfadsrvr.com/	1970-01-20 23:32:48	Name: ssh Value: !bidswitch,1691808614
.media.net/	1970-01-20 14:37:07	Name: data-so Value: c05c2308-1beb-44b3-94bf-f9ad2dcc55ea~~6
.media.net/	1970-01-20 22:42:24	Name: data-mf Value: ae35350f-54ef-4faa-aa35-923f5bed90ca~~1
.media.net/	1970-01-20 22:40:58	Name: data-bs Value: 8c1fa4d4-d86f-4c58-b47d-bc009fd65439~~1
.adsrvr.org/	1970-01-20 22:43:51	Name: TDID Value: 0f47a966-b427-4320-bc28-81b881249716
.amazon-adsystem.com/	1970-01-20 19:32:19	Name: ad-id Value: A_CA7oBaGUnUs1bwvcd7mtA
.amazon-adsystem.com/	1970-01-20 23:32:48	Name: ad-privacy Value: 0
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_80 Value: 22987-CAESEFBXn7OfJmrSDd4kLz0XOTI&KRTB&23025-CAESEFBXn7OfJmrSDd4kLz0XOTI&KRTB&23386-CAESEFBXn7OfJmrSDd4kLz0XOTI
.media.net/	1970-01-20 14:16:58	Name: data-g Value: CAESEHcx54AMW0a8aFTSajpM7eQ~~6
.media.net/	1970-01-20 14:16:58	Name: data-ttd Value: 0f47a966-b427-4320-bc28-81b881249716~~1
.zemanta.com/	1970-01-20 22:42:24	Name: zuid Value: l5cgCCrvH8Bt2IR0Zk6g
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_377 Value: 6810-0f47a966-b427-4320-bc28-81b881249716&KRTB&22918-0f47a966-b427-4320-bc28-81b881249716&KRTB&23031-0f47a966-b427-4320-bc28-81b881249716
.w55c.net/	1970-01-20 14:40:00	Name: matchmedianet Value: 5
.w55c.net/	1970-01-20 23:28:29	Name: wfivefivec Value: YRRi7ETa1QuEHJ5
.w55c.net/	1970-01-20 14:40:00	Name: matchsharethrough Value: 5
.bluekai.com/	1970-01-20 18:21:46	Name: bku Value: ikG99s4pNZEgAWDV
.bluekai.com/	1970-01-20 18:21:46	Name: bkpa Value: KJ0Wpfartp9DCKs7DzKArPuDnWWCZCHauoz6HRGuftqnHZgRzxFqvj9I4HWQKbzp4ze8fbIctdTKt1wEXTdefrU6rn0rPozdfEmdQHbI6fabdUqjfybUk8IltI2gyKGYZQvSfzwNTfpzd5tdqzblp5l0bbt98FtbFNydpALOp4q6FM2reQD60Ij6tZbVTb5MpS8Qy7JG5uki3I5xjqStOv3ghmiu7l/4nSSQxMqmDoCNpTuNB9zVHDBjIj/dGSD/SOuZDiAxlavzr7Ud8U3cYPq/tmELmmkNM0GBAd1Q7scur2UvKjJCcchFDAHitQlxNiDN0+SCybeAuOnd2XrRGsZRoovHousDo5YrekWBDEMXUJTkpEmVpvYFDMDe5WZmKGR7uSxbYLZjuRYJTfgJ3kFlQsAvIYM/XHYCiG65RTFx0lq16uwwvr4RVHfqZ3v0wYrjCDxp+7Dj9y8OMDpD0ctUzbhBdmGlDuW/MXRg7SBt7aoJxkGp3E3nmQte3FXB9eiC7Jx=
.media.net/	1970-01-20 22:40:58	Name: data-xu Value: YRRi7ETa1QuEHJ5~~8
.rubiconproject.com/	1970-01-20 22:42:24	Name: khaos Value: LL7F62HL-1A-EZMV
.rubiconproject.com/	1970-01-20 22:42:24	Name: audit Value: 1\|osjx4tjB1LCnD5y/uEnu4gTkAzg0tJ7T5jDc+sisrTrWwnqaNf+hUX8Vwpxy80bIUQyoLsC3huckEa5N2k7U1SEEFoCDRlfY38xmjE6FV7eokz1EXaiiKaMcNyKzNUHRdNagGyTJzJFQ0RDbyPMfA1uI6U4bt/rw
.adform.net/	1970-01-20 14:41:27	Name: C Value: 1
.adform.net/	1970-01-20 15:23:12	Name: uid Value: 7333337892909792278
.creativecdn.com/	1970-01-20 22:42:24	Name: ts Value: 1691808615
.creativecdn.com/	1970-01-20 22:42:24	Name: u Value: 3fihSmmzCYC79SsfRXmo
.media.net/	1970-01-20 14:40:00	Name: data-c Value: 68ec1a45-4112-4d0d-b841-df8394c0f20d~~1
.media.net/	1970-01-20 14:40:00	Name: data-c-ts Value: 1691808615
.media.net/	1970-01-20 22:42:24	Name: data-rbh Value: 3fihSmmzCYC79SsfRXmo~~1
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_964 Value: 20918-cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&KRTB&23354-cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&KRTB&23415-cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd&KRTB&23422-cuid_f642f5c1-38ba-11ee-94b7-1297b61989fd
.adnxs.com/	1970-01-20 16:06:24	Name: uuid2 Value: 6509273573175081155
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_57 Value: 22776-6509273573175081155&KRTB&23339-6509273573175081155
.nrich.ai/	1970-01-20 23:32:48	Name: _nauid Value: c062d3d9-54db-430e-bf46-3625d2539b54
.everesttech.net/	1970-01-20 22:42:24	Name: everest_g_v2 Value: g_surferid~ZNbzaAAErzcYwQA4
pool.admedo.com/	1970-01-20 22:42:24	Name: tuuid Value: c095565d-cb0a-4027-b32a-eb9a24889f27
pool.admedo.com/	1970-01-20 22:42:24	Name: c Value: 1691808616
.rfihub.com/	1970-01-20 23:18:24	Name: eud Value: H4sIAAAAAAAA_9vEyGtoZmloYWBhZmhuYGIKABvr1lwQAAAA
.bidr.io/	1970-01-20 23:25:22	Name: bitoIsSecure Value: ok
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_466 Value: 16530-8c1fa4d4-d86f-4c58-b47d-bc009fd65439
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_18 Value: 22947-968625789851924408
.bidr.io/	1970-01-20 23:25:22	Name: bito Value: AAFAlE7JrecAACkwHjAhPg
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjS3MDY3Nzc2MjEwNDc2NTczNRTiM9R19iu0cPZKSw3MzSgHAIochpUlAAAA
.rfihub.com/	1970-01-20 23:18:24	Name: rud Value: H4sIAAAAAAAA_-MSNjS3MDY3Nzc2MjEwNDc2NTczNRTiM9R19iu0cPZKSw3MzSgHAIochpUlAAAA
pool.admedo.com/	1970-01-20 22:42:24	Name: tuuid_lu Value: 1691808617
.media.net/	1970-01-20 22:40:58	Name: data-rk Value: 1783777324017357651~~8
.thrtle.com/	1970-01-20 18:44:48	Name: mc Value: eyJpZCI6IjNiYjViMTIwLTYzZmMtNDNjMS1hOTc3LTcwOWFmNjQxMWE0OCIsImwiOjE2OTE4MDg2MTc0MzAsInQiOjF9
.technoratimedia.com/	1970-01-20 23:32:48	Name: tads_uid Value: 3EF19D5DA37645C09668ADD2F6DD6276
.technoratimedia.com/	1970-01-20 23:32:48	Name: tads_uid_cd Value: 20230812025017+0000
.technoratimedia.com/	1970-01-20 23:32:48	Name: tads_zora Value: 2
.casalemedia.com/	1970-01-20 22:42:24	Name: CMID Value: ZNbzafQBmdgSEg05bWZQ9wAA
.casalemedia.com/	1970-01-20 16:06:24	Name: CMPS Value: 1357
.casalemedia.com/	1970-01-20 16:06:24	Name: CMPRO Value: 1357
.contextweb.com/	1970-01-20 22:42:24	Name: pb_rtb_ev Value: 3-1m8l\|7dN.0.AAFAlE7JrecAACkwHjAhPg
.contextweb.com/	1970-01-20 22:35:12	Name: V Value: NKXYIZbnDwd5
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: b0e652f6896e8482
.mediafire.com/	1970-01-20 22:42:24	Name: FCNEC Value: %5B%5B%22AKsRol9KkcokbvQ2YxIfhKLfLnS4s679E1w-Hh2S_Xm24Krxq7DPd0fP9yJsb7xrP5ocdw9vCRVelgXN897TN0dM-xCABjTJkn8GD_RQB0Y6GciigAjzjLkysEnPkaiSGN1O5L7z15NWZ-SoP_MubX202qQMg8f9NQ%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
.deepintent.com/	1970-01-20 23:32:48	Name: CDIUSER Value: di_3d36fa00dc5547bf96a45
.quantserve.com/	1970-01-20 16:06:24	Name: d Value: ELEBCwHYKfijAA
.quantserve.com/	1970-01-20 23:27:03	Name: mc Value: 64d6f369-de2c4-8ef90-c9bbb
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_153 Value: 1923-KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn&KRTB&19420-KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn&KRTB&22979-KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn&KRTB&23403-KHV4xHhyKsszJXnAfXUxynsnJcIzIiWQfCPHGROn
.smartadserver.com/	1970-01-20 23:28:29	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 22:43:51	Name: csync Value: 127:AAFAlE7JrecAACkwHjAhPg
.smartadserver.com/	1970-01-20 23:28:29	Name: pid Value: 5640036438096218636
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_699 Value: 22727-AAFAlE7JrecAACkwHjAhPg
.pubmatic.com/	1970-01-20 16:06:24	Name: chkChromeAb67Sec Value: 3
.pubmatic.com/	1970-01-20 13:58:15	Name: pi Value: 158936:4
.pubmatic.com/	1970-01-20 16:06:24	Name: DPSync3 Value: 1691884800%3A248%7C1692403200%3A265%7C1693008000%3A263_201
.pubmatic.com/	1970-01-20 16:06:24	Name: SyncRTB3 Value: 1693008000%3A176_5_46_54_165_3_48_231_22_8_55_249_234_71_220_233_240_250_178_56_13_21_104_166%7C1692662400%3A63%7C1692403200%3A223_2_15%7C1694390400%3A224%7C1693094400%3A35
.w55c.net/	1970-01-20 14:40:00	Name: matchpubmatic Value: 5
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_107 Value: 1471-uid:YRRi7ETa1QuEHJ5&KRTB&23421-uid:YRRi7ETa1QuEHJ5
.pubmatic.com/	1970-01-20 14:40:00	Name: KRTBCOOKIE_391 Value: 22924-7333337892909792278&KRTB&23263-7333337892909792278&KRTB&23481-7333337892909792278
.pubmatic.com/	1970-01-20 14:40:00	Name: PugT Value: 1691808618
.tapad.com/	1970-01-20 15:23:12	Name: TapAd_TS Value: 1691808618496
.tapad.com/	1970-01-20 15:23:12	Name: TapAd_DID Value: 3a3c754e-49da-4120-808f-90244ab39d1e
sync.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id Value: s%3A0-73767d58-2691-5c90-4114-42ba9f1b1bd6.1%2Bzc3KxIj2py5u9K5093IP%2FP4M16NtGC%2FkOzQD%2FjJQI
.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id Value: s%3A0-73767d58-2691-5c90-4114-42ba9f1b1bd6.1%2Bzc3KxIj2py5u9K5093IP%2FP4M16NtGC%2FkOzQD%2FjJQI
sync.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id-v2 Value: s%3Ac3Z9WCaRXJBBFEK6nxsb1lYwDiI.D%2FiM%2FTlyaBJuKThB%2B%2F3gUoO%2FFomRH5XFEtc8oRP%2FsoY
.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id-v2 Value: s%3Ac3Z9WCaRXJBBFEK6nxsb1lYwDiI.D%2FiM%2FTlyaBJuKThB%2B%2F3gUoO%2FFomRH5XFEtc8oRP%2FsoY
sync.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id-v3 Value: s%3AAQAKIJwxWinHO9y-l2SQ0fwZPvXXJlSPPOa82BppWAvRYhIaEHwYBCDq5tumBjABOgShleyOQgR6gQi_.aYTMi4kK7DV9b3zgJtsuW6eutYzIPr9g%2BBc%2BNUMuAFc
.srv.stackadapt.com/	1970-01-20 22:42:24	Name: sa-user-id-v3 Value: s%3AAQAKIJwxWinHO9y-l2SQ0fwZPvXXJlSPPOa82BppWAvRYhIaEHwYBCDq5tumBjABOgShleyOQgR6gQi_.aYTMi4kK7DV9b3zgJtsuW6eutYzIPr9g%2BBc%2BNUMuAFc
.pubmatic.com/	1970-01-20 14:40:00	Name: SPugT Value: 1691808617
.pubmatic.com/	1970-01-20 16:06:24	Name: KRTBCOOKIE_860 Value: 16335-c3Z9WCaRXJBBFEK6nxsb1lYwDiI&KRTB&23334-c3Z9WCaRXJBBFEK6nxsb1lYwDiI&KRTB&23417-c3Z9WCaRXJBBFEK6nxsb1lYwDiI&KRTB&23426-c3Z9WCaRXJBBFEK6nxsb1lYwDiI
.adsrvr.org/	1970-01-20 22:43:51	Name: TDCPM Value: CAESFAoFdGFwYWQSCwiOt6LWnLqNPBAFGAEgASgCMgsIjq-lg7O6jTwQBTgBWgV0YXBhZGAC
.tapad.com/	1970-01-20 15:23:12	Name: TapAd_3WAY_SYNCS Value: 1!5378
.3lift.com/	1970-01-20 16:06:24	Name: tluid Value: 1815358264774354897563
.tribalfusion.com/	1970-01-20 16:06:24	Name: ANON_ID Value: afntuJmge06ousnA6vvPDLbPB5LHQ3C8BF6QY0AVacRtrdWchk4qlAKVecrB1QOZb6HjiZc008enNaFZcTaWJDWZcgZcy

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 88) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://us01.z.antigena.com/l/FZt5psomz79DGe~O1V5PkX7S8-NVJIdw0INR-k~Duu9c36GyIDyElf4y8fa2~-9InNSq4BCadyu-8tQSiIkaVleT~Yh8GI4ocNSeo4~API4DJEsYNIMg2sPMMXvjcckTUFy53ZYw3gzv35jSAchydRkSr2XFgqe-kzzlKTlv1VT7-TlAc0PcX7nFzbKlHypwbpU3AWUAJgUx%20D4E60507-3D6E-4B86-BC65-074A03A0A8BC&rnd=RND Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://id5-sync.com/api/esp/increment?counter=no-config Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
deprecation	warning	URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2(Line 248) Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation	warning	URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=728&h=90&c=adtheorent01cont334143&js=pmw2(Line 248) Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
deprecation	warning	URL: https://choices.trustarc.com/ca?aid=adtheorent01&pid=adtheorent01&cid=12483&w=300&h=250&c=adtheorent01cont334144&js=pmw2(Line 248) Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

90c7642332251a82bbf0a72259d1c76e.safeframe.googlesyndication.com
a.tribalfusion.com
ad-delivery.net
ad.crwdcntrl.net
ad.doubleclick.net
ad.mrtnsvr.com
ad.turn.com
ads.playground.xyz
ads.pubmatic.com
analytics.google.com
api.amplitude.com
api.btloader.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
btloader.com
btlr.sharethrough.com
c.pm-serv.co
c1.adform.net
c21lg-d.media.net
cdn.amplitude.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.otnolatrnup.com
cdn.prod.uidapi.com
choices.trustarc.com
choices.truste.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
contextual.media.net
core.iprom.net
crb.kargo.com
creativecdn.com
cs.media.net
csi.gstatic.com
csync.loopme.me
dis.criteo.com
dmp.truoptik.com
dsp.nrich.ai
eb2.3lift.com
fonts.gstatic.com
fundingchoicesmessages.google.com
g.ezoic.net
go.ezodn.com
gocm.c.appier.net
google-bidout-d.openx.net
gum.criteo.com
hblg.media.net
hbopenbid.pubmatic.com
hbx.media.net
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
invstatic101.creativecdn.com
ipac.ctnsnet.com
l.pm-serv.co
lg3.media.net
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
matching.truffle.bid
mnadshield-a.akamaihd.net
mweb.ck.inmobi.com
oa.openxcdn.net
oajs.openx.net
otnolatrnup.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
pixel.tapad.com
pm.w55c.net
pmp.mxptint.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.media.net
privacy.gatekeeperconsent.com
pubmatic-match.dotomi.com
px.owneriq.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.mfadsrvr.com
s.amazon-adsystem.com
s.tribalfusion.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
st.pubmatic.com
stags.bluekai.com
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.bfmio.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.adx.opera.com
tags.bluekai.com
tags.crwdcntrl.net
the.gatekeeperconsent.com
thrtle.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
us01.z.antigena.com
warp.media.net
www.ezojs.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mediafire.com
x.bidswitch.net
id5-sync.com
104.107.25.203
104.126.116.169
104.127.64.185
104.16.53.48
104.16.57.101
104.17.216.204
104.18.24.173
104.19.214.37
104.21.93.25
104.22.53.86
104.26.2.70
104.26.6.139
104.36.115.111
104.36.115.113
108.138.128.46
108.139.29.37
130.211.23.194
142.250.206.99
142.250.64.98
142.250.65.238
142.250.72.102
142.250.80.72
142.250.80.99
142.250.81.228
142.251.32.106
142.251.32.98
142.251.40.131
142.251.40.142
142.251.40.161
142.251.40.162
142.251.40.193
142.251.40.194
142.251.41.3
151.101.129.229
151.101.66.49
162.248.18.34
162.248.18.36
162.248.18.37
162.55.120.196
172.105.221.29
172.253.63.155
172.64.136.15
172.67.144.62
173.231.178.85
18.164.114.27
18.164.115.7
18.164.116.28
18.207.17.231
18.233.70.253
185.167.164.37
185.184.8.90
192.184.68.254
192.40.39.223
193.122.130.38
195.5.165.20
198.148.27.131
199.127.204.171
199.38.167.130
20.85.134.6
207.198.113.89
23.105.12.172
23.198.216.24
23.47.144.150
23.52.163.93
23.77.173.8
3.225.218.10
3.227.250.65
3.233.86.45
3.33.220.150
31.13.71.36
31.13.71.7
34.102.146.192
34.102.163.6
34.102.253.54
34.107.148.139
34.111.113.62
34.120.135.53
34.133.71.175
34.196.116.51
34.230.170.218
34.238.29.96
34.96.70.87
35.186.193.173
35.207.24.140
35.210.53.219
35.211.178.172
35.214.211.255
35.244.159.8
35.71.139.29
38.68.201.140
40.76.134.238
44.210.181.70
50.116.194.21
50.16.223.119
51.255.68.171
52.21.24.201
52.35.197.209
52.44.140.40
52.46.155.104
54.156.134.244
54.156.202.94
54.174.91.172
54.197.248.161
54.225.185.242
54.236.93.201
54.85.119.254
64.202.112.127
68.67.179.166
69.166.1.34
69.173.151.100
69.90.254.78
74.119.119.131
74.119.119.139
74.119.119.150
76.13.32.147
8.18.45.76
8.18.47.7
8.28.7.83
82.145.213.8
01b792e7e27d844ce1dc095fbf2f4dc20e69b673683ff2475bdc93898a81f1ed
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
04d244dceb2702b72b88443cd322bb207495a306146f5aef93f22f53bc005139
055dafe5d715713d106c15306e2bb69ec70ef268aa604e934d7c57b0ba4b5b3d
05cfe92d9794a54258a19bfec7ae0faa73f61b66416983136594b4f95bb114dd
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba00d00f24a26bd226f0bb7d0d103a7fcf6839d7d4b9210e04cbf59c71c2318
0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16
0e0449433f5a829a39e7183a95731f17604a3eeca7127eee349f2ed56d19863b
10a0cfddf4f2bc4d4e9c8f38d9bbddc16d88d0847f10cf03805b6723c9ea68c2
134f6cbb7ebd61ea7bb8b6e67db98e7f6173068b4e6f795f979e5bd13f039c62
14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
20ab807515e08c1191e94fedab15f20c459af2235c27cecee7c581705fbe9dbe
238331d3bee21cf334365e5e4f91796e9cc156e3c01c4f0f07cb11a4883158ba
24434236112e2c40b190268b75b5a499d50fa6a4cd93664b9ec82f7852865ebf
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3223b29aca8ce09be87bfa5da70205a57b63a4937976ea43bf5e091190850ba4
36272d4861eb58d40d570890ee3aec1d27bbe70c1444b442d4da42624d7b7f0f
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36c705c576acbc4bc932652c40fd363bd6ece856f46aa31754be548a3356d103
3c66bfef67c4e703c1b16e28b6c8ee4da73ddb2bb49ae3d5254bcaaa2b4065ff
3d41b5eccb6d46de2253c6c225a6aef2009f266fc4180385b9d1ad17c19e7329
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
403d274cd57351c6a4b11a33ad7ba717e7f987d6d077ffc7b0cb10ec7288a0af
40cd1ad9d1bdbded676fc0fc4408ce80371fab72a26fce6c873e50c01e44e1e9
412cd8a769b578a0721cae27c1e8162a0363af2241047467bc58c1eb9545b156
42d1bd1c387d39e4717a1c6ced827a9e0fb0cbba6d66c259b8a84840721b9216
4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a31f5f054b33a0703dbbe2d71dcdfdbbec556ebc233930f6ab9e06d5cef9aa8
4bffdea8f53f96085b1f6d5e1eb5e1c748aad46c20e75e7ca1e64d482af806d6
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f6059a54189e30989c1799ac1e742e15df6e78d350cb66826ac6b3c64f81626
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
529040ffb31edc3b458168066d513769520e983e2cc9ffb8d6c9ea0d98c57a11
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
557cbfb9fd31820240adbd25267f36c45948ab89f9feb8b1cea4bb9e4d6e63b0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5625762bcbaa3bd50fc1a88f5d31e8fae33b81c9b8f01930ed7264452af7cb01
58226a8f973d9946708eef4e2bcb15843047454fa801fdb8f6ac1e8d06ee2ea4
5bc5c07e0be95a6f4bcee0290f34afc7f488d0b17873727b7b3ace6be6a4e029
5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984
5efd28d69d6d44e5e9ed27b8550d6464b20a507bd8b9f9d5c68e9789c48123cc
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
618324322be1f1efedd5d524cef46c7596c9e1896e03b1abb695e0afeb267ffd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
65ae7f8036c33ec2608712f439ed87a34c21e51d1f5e811f14eff3c4de93e1fb
6617d478a8c27a2bcd49206829ce59edc737d35d562a64155429ad4f90317e53
668c3d4710b07f2327e63f68caefd38b90999af3e3614532b9c0eafc51ac383c
684b000cd0e5e065490fc1d6dc84790e95f90e0116b1ffd7b95b036dbd96dd1c
6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09
6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427
70662ada4a7427f43cc2e1c4215f759613bf6ca586b96c559fd139b69d794df3
71ac1f412d544231441eabf3f0b2437b769aba569c637a3e9524e6421d781cc9
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142
75cca64ef78b1e3def51ffafbd10aa1ef20bf3056548a48de0ec614dae7c9cc5
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
7d1815530c1476d4fbcd449d9179aebb295297ec48b4b15bc123c88a8983c6fb
7f3d9b60e90a33328a19ef934c64e5a00542fd76aeeb3cfc3cfbadb8fc876f5d
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
855221f2bad2660657296e432e19d90752d35aaa9387df5c6f858c9bd5896429
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
896761f91fce50ed2987f615631341a0ddeddf1354292e7cb8b3649f428bc12c
8a1ca667f8be1d9635b262dc3b15aeecc9d61e0fc2457a1f95ccf6d0bc25a37a
8bacb685be7cec7f41a0270e694fa90c0fb448b2c0ded5f1734baf51050d695c
8bd69d0dddab8bc553263c254faad469c2a3e08bfb0b737e763f7feabe571225
8d42bc0130428d3921d07f31016f289b72b137074dd9c4428b03ef3c7a3dfbba
8d5f45c56ad6b8e642270d1a8ac31ee840885eb7a30a9efed5a9f92a81d31aca
8f0ac09fd1c5264d71eb7d98b593c70601031bf6240774d1c4f216857c77d3c4
9058feb51314767584403e9a88d3f8db21f883e95199a0c7a448b7d3361d447e
9247b3426b30ec2273d58b8c415757e1fceda5d6532a60de0b585c0bb0eec8ed
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
9691891276a4b6ad0ef2da39b1dfc159f995fa8d309ba349115469b8b0cad637
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
990e389207cbc5db9675c8dffc8e933f7e7330c0e778c5e6c4c2fa4393d73419
9a2c289a27e5543c86bc981ec3834a298be6f16e208b46d5f67869a758a61956
9c35a9840aeda15526e4c112f744475c9c95a80fd73a952a2a45732fc700ec08
9dc89e5b713b73f0381a206011373971e839045d008a2c521885f1dbe09d1cab
9f2f4d384357ebfaf0542f65566e93b31b3ee4e034d6d489944b844cd8a73342
9fb1dcff07013557060cdc965f4d3db6ece1eab17b3e2cafd0c9dcbf0defff25
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a71a8b796c9ca3c36497776219dcccdf4353645bf796ae341452b975f544bfa8
a81e805391d412d3efdb0cddde1c1239462e560dfc9b1aa491cc5cab27b817b5
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ae1f94c6382a14b97db5dc6f255bf07c0ee75ae3fdf96a1e959a9cba3c1abd8b
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b329df3fc93c69a2430dd885f9f9cc4f5d86aa2736402bc36a86261037ca3bcb
b59fb884e042986638877395f3d08978aa6a7b31458f1d53d188799e4d677a28
b6a8163c6514c7be7a550ee3ada78784539712ed45c143cacde732480c70fae8
b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274
b7c8ac54b9172ddc0982ceebb9a5128ab6da73a81276fe69921034d7fd0de1fd
bae24450aa2814f5074d59fc73928845b603d65af770cd8d923fa14d98cc2855
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be2de8a131b3ce2d99a572a1bd3daa2336f83cb748d33cbda540f8d944b3c487
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391
c5d9c9f6bbfd42b7c3c63a20fb54ba49978b53f6b981fbabe4d56dd90b2b44ab
c5f572ed80485a43331f587039ef455ab7400d278434cdee0965a0fea35befcf
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8a7ea184c79a6f61c400968314d03aae7c327f03efc03603f6a3cbada7bfb9a
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
ccecef0b593af5846a0532ba35516e2334f02179a60af2d50b1f2c1d1c6c402c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d21de028cdd89d37b6c5cef445662fb067ba46d05d78e79796684905ea4369fc
d2636cca6fd2ffd484e21ad5d3e1b9fab2d89378e756e8945574f8ed0def8131
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838
d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dc73a477fbcae789bdc30ad897438fa227873c50941cfbafd8abba1dfbc2b000
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52305b4dcebd8efb37d3aa279475b70d22f1d5ebefbf2c253d51f1a23c79d73
e6ee39f6114bbeeb00f831c04892edaecb6cad0ee618b30e43a16d038e3e4898
e7e582de149bb6ebadeca427fa3b399d3e6db337085f6336de368ac68a8fa0d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5c05f4b2ffe159d9a038296fc9d02de5d69fd18500028b9b84a524f66a39d9
f00340624ead5370c90c6c143feaeee7120ce637921e26df9ed73e4c06b3e497
f03571862f0c2c11f91db91e223cd5d59e6b4e9e572c38c7251ff8dbfa32f908
f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db
f6b8016adbaa736caeb1372ed11deb3247b753b90ac6bc340856d5be8d579bca
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
fa0d059cc02895fb68d146144f99912d04e034b5463ebc119bd74b045417732b
fcdb3e9c537977f28236c7be6ead4b207a20e0629b05e2aaea16a5a8c034def4

www.mediafire.com Open in urlscan Pro 104.16.53.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

328 Requests

83 %HTTPS

0 %IPv6

93 Domains

138 Subdomains

82 IPs

7 Countries

2086 kBTransfer

6028 kBSize

155 Cookies

9 Outgoing links

Redirected requests

328 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Screenshot
Live screenshot

Full Image

328
Requests

83 %
HTTPS

0 %
IPv6

93
Domains

138
Subdomains

82
IPs

7
Countries

2086 kB
Transfer

6028 kB
Size

155
Cookies

328 HTTP transactions
7 data transactions